METHODS AND SYSTEMS TO DISTRIBUTE CONTENT VIA A NETWORK UTILIZING DISTRIBUTED CONDITIONAL ACCESS AGENTS AND SECURE AGENTS, AND TO PERFORM DIGITAL RIGHTS MANAGEMENT (DRM)

I MS *Th (i. h is U i^i : 'x Ira j^u \ \ 

Jura- 16,2000. 

«n in i ma 1 s a 

The present invention relates generally to the field of network >. > o . 1 i more

specifically, to methods and systems for the secure distribution and delivery of content via a

< >> Si it t 1 

tB^J^yty:H.::^y:•LrL^itiyJ;r•yj,::y.^^i:v. 

t i <. t t t S n i v v I' vi n 

> \ t d stnbuiKruh 

s udbr^d hiterur ib 

KiJS^< 0< , p < I ! • >i <! } 0 , i 'J fUt h' 

o tuu distribution worldwide. The ability of networks to support vH i»u ^ ^ media,
such as streaming media multicasting, is growing rapidly as satellite and broadband IP
technologies allow content and service providers to distribute high-quality video to millions of
subscribers simultaneously.

I5bWsiver ; these s ^ \ beea o j < by concerns reaaxdbig vO f 

puacy 1 digital nybls management (DRMb A challeege facing h o ' pay media 

! v ,> | !> -<U !!« < »i 

the flexibility to distribute media content widely. The increased distribution p 5 > > ! .i
the need < protect and secure media content. For example, a content provider may have

t am. r 

i ! wneHt; 

Conditional Access (CA) technology for traditional broadcasting systems is based on
ixmbejuexUing haswess si- las ix; a secure device (e.g., a smart card) located at the subscriber

secure device will only release this key to the decrypting device if the subscriber fulfills the
\'n,is vCno vao m ( ,s as c . sv. « 

sbe rt ess ales are introduced or wfeen th« 

security system is "hacked". When a huge number of secure devices in the field need to be
updated, it will be appreciated that the cost implications are significant. In the case of large
> s , s,. c s s em a - 




WO (?s/9S9iO 



pct/usoi tn"i 



The Internet is becoming a platform for content delivery to millions of users worldwide.
Using the Internet for secure coat kh* . • so >- <s. . - several problems. For example,
mutimd OkoO Server ^ ? m-; <■ a; W'.e<a k.adk the load associated with large s'^-ivsakv 
events, as a single central security server is typically not erpsippedto hm&Q million oteyxmk Is. 
i I ' < ^ < r M5t k .vna t 

n terns vu taensble to key book pirac y 

r o i s i < !N ^ ( x * ) 

to ma < ! < * v D Vf > \ t \ ddress ths jrsi problem idemiftod abo fe 
do not protect the content encryption keys from t ; edtori ted operators.

\ I „ 5 < 1 t > v f | 

i><o<m „jo m$\l - ffklVt looxe ome internet 

< n s !< stresmkg snedia i be poshed to the edges of the Internet (e.g., to t TStkh whore 
is, \ s i , K \ « -> » , j a t > da <, ; v o' t , 

v < it v are v s «. t using the ds-a-a; are a pkkrotn to deliver bak quality t jo i to 



without any degradation by any user with a computer and a (broadband) Internet connection.
Copy protection standards, such as those specified by 5k at the end user device using a physical
secure device ) decryption are expeaake u somewhat onsak. \s > tK hacker can 

1 ! - i s v v ! 1 i I K05s ^ HOC 1 0 

\i* anonymously op $ a worst-case scenario, retrieve a decryption key > redistribute the

sO V > , 1 is 

Wats « techniques at the end user device using a physical secure device may be

expensive and traskk as an experienced hacker can break into the secure device and kaiclk
tlx sootutkkmnt v, ru >ltKt j 

W'Ki ra i ,fiko\-< j 

coaauumcatious aetwork, there <:>: lata a danger brat > < lu snbscrkers i . decrypt the 
so if j ark, during s decryption < s ss extract a s< s j o products as ^ • bey that was 

l ~> ■> > v , ^ \ i S S S i ts 

v > krebythe 

fraudulent, authorised user distributes the unknot key to unauthorized users, possibly together

S •> » s . \J 1 ! 1 < tit .fit » 

s ^ s o \ neatly, 

is s 50 > * i ! 5 ' t s 5 

tl- U\ Vi S S )v > t i i 

may oeed to ise ; m>S for a eoceess&i iropieracHtitboo. tare exaorpk, secore -storage ark 

ntem tnujpnon (o > ^^^i ws t 1 

content (or product) encryption keys to a fraudulent operator or user. The exposure of such
s t ^ ! -> s. n ^ sigobkeart loss o vt d i i< 
secure, scalable key o * s , system, which can manage a large s. , U of subscribers
m fanconsty, ffisj lesdr.olx - dace ^^iaMefeyaMributky system xnayix o >.e< ea! 

vi s urkalvutnJajtge v 1 s 
associated with system software and hardware required to k v these functions may
be U a for a single content provider.

Current hardware-based content security solutions generally combine user authentication
and content security in 5 module (e.g., a single smart * ! or other tamper proof snoo f vuf
5 s ; > a i ?f v s a h 

for iv'in in winch a a orders conteog using a secure ihcnnbcaoo:: device (such as a } M 
M>i a > a v .e 1 oa y id ei'v! v i a>MJof 'awe K 

content using a copy-protected viewing device other 'ihass-vlewtBg device 'that is integral with 

i i s i ! > i Si t i I v. >. ! < - 

y > ! device that is not linked with a specific user, and that can therefore not be used to
identify the user

% > i ih * Jm,- nepknaoteb e : - t >omt ro x k t 

N wM, a « a hsJ s a- ^ 1 a J M a par aL U\ A th< <i < 

iS v !. i N * 1 1 H > s. v ! ! > < 

signature of the content license with a private key prevents hackers from In vaiid licenses
and generating invalid licenses. However, assigning a license utilising a private key | rooe is

1 ! iK >i a v, d l;e 

idditass * t t it d associated 

. 1 > . : n- ' )- dibidve. 

bktev (e.g., the iaterrats) are hecranrng inemaanggy u > t * content < 1 s s 
tlx 1 a I na ! j i\ \ tine a N 

i > provide a content 'a 1 * with a degree of geographic o t: > < r rk dra motea of 
* s , i - >> w 5 ' < < • ! a ! 

accessing certain content. For example, a sports club may want to dt * 1 a live game over the
Internet worldwide, but may need to block users in certain countries from accessing the content

0 *e o- ,k vw So m^ v ^ ! ^> '^)<^^ias 

lotions teoonc «*or-> b> rt gMoi poo a 
!du 1 v 1 is >^ > ! ! b i n < 

of bunlens < n 1 0 ma ion < 

companies (e.g., content distributor) that users do not trust. Further, users may be required to

1 s i ( k n i i i < > 
fiVO>P.a.irtK" ! ^ 5 u 

for users. 



According to a first aspect of the present invention, there is provided a method and system to
distribute content via a network. The content is received at a content distributor from a content

> !? ! tf content s t a i operation elating stheeond fisj armed the 
content provider provides authorization to the content distributor to perform the operation, and
he „u hot< s s ^ t i nhrtoi 

The, i n ! ^ Si ^ hk»<ui)( 

distributor and may comprise an association M h io associate the content % a content

o ,o<- h n v > id) 1 - ' o . v. I i 

operation to < * s \ the content as content distributed specifically to the content consumer.

t t\ u < sees a >iion >|X 1 os 

o , < t i « 5 . i s o s , i ■> , i wiest, 

■consumer, 

According to a further aspect of the present invention, there is provided a method and

< l ( t * s > " 5 \ ^ 

generated and content is encrypted utilizing the set of session keys. The set of session keys is

! S v <" 1 N \ X X\ v X vS !v 

encrypted utilizing a user key to generate a set of encrypted keys. The , i ^ k 1 content is

j < , \" u <s I \ k e s-.-'M-emob .s^umIk 

v t o i inn to the content destination. The user key is communicated he?;: the content
h Of! < < Is it i iu n v > , 

encrypted keys to extract the set of session keys. At the content destination, the set of session

keys is utilized to decrypt the encrypted content.

In oik e\ i > ! > 

of session keys. 

> ( * ,ded*ot 

automated method and system to provide an encryption key storage and distribution service. A
product key is received at a service provider, the product key (1) being received from a first
content provider, (2) encrypting first content controlled by the first content provider, and (3)
being encrypted with a secure device public key of a secure device of the service provider,
s M i ( i i is 30 U 

V. ,v. i " i v. > I i i ks ,! I t 

encrypted using a storage key associated with the secure device. The product key, encrypted
using the storage key, is stored at the service provider.
j * embodiments multiple product keys are received from respective content providers, each

ill <■ V \ N < ' •, ! 1 ' " <> I \ < 1 

fi S Iom! OtU 

content prot idm 

hi s n a , s ( u » o d j s 

s ( ^ t i d o ! i a )! 

stored at the service provider and is associated with at least one product key stored at the service




provider. 

According to yet a further aspect of the present invention, there is provided a method and
f\ r i U dispihutio > >rk \u id < e a afka on pro ss 
i ? ' i with respect to i content. A copy-protected device authentication process is also

t h ' . * - - 1 ' - ■ ' m f,l\\'i'\- 

, f ' ' ! device authentication process comprise separate authentication processes to protect the

v-S k i tl > SS t. 5 S ! v V 

v. S > o< of a user device certificate and s t t of the user credentials against „o- a m 
access criteria. * one ' m die > op> -protected device authentication po es ^s includes 
> < , 

Aa'CvCoIu i , i ., n % m - C mn !» - 1 s^i 0 

o d i > x t \ >" fii - * 

< i \ < ;P a content provider. The eoittem noeroe is signed ad Using a symrnetric key. ho an 
exemplary ; n > t t < symmetric key eaorypts dm content. * an slternstive exemplary 

v. ^teo$ 

\ sO„dm . Hid \Watl 

to distribute content via a network in a geographically controlled manner. A request is received
from a content requestor for delivery of content to the content requestor via the network. A

on i > ! < ; < t u | ! , a on 

process including determining a geographic location associated with the content requestor,
i. « ! \ geographic access criteria associated with the content and determining whether the
geographic location complies with the geographic access criteria. The content is released for
delivery to the content requestor if the content location complies with the geographic access
criteria. In one exemplary embodiment, the determining of the geographic location includes

i ki } < t s lis o n i 

i v'i\o wa^dUne'ed I achursaxt o-i t N de 

geographic location includes determining a delivery address that a user authentication device
associated with the content requestor was delivered. \ mm' of the geographic location

x aetwoxfc address v» * tho t< ' * N s 

to a request source location.

t . . x -..i- ,^ i no m f n '?o md 

system to dynamically present a payment gateway to a content requestor. Responsive to a request

<. i v s st ! t t m '<\K?v i 

determination made as to whether the content distributor rem; a a first payment gateway of a
fm | \ v. < o t ] i t x 

d s 'hi I > has selected a first naysmrtt gateway of a drst ! i t of payment gateways as a 
xt . ^ dvr. the ;md payrmnc patera; n > ' i i > -s 

■k t , t * ( ) i < > P oo 

recorded a first payment gateway of a first plurality of payment gateways as a i * preferred



g<\o\^ 5 te^xc d "~ o ^ orka 1 

! us -K'fcneu paymeuf g,itewa> ir „ \ whm *,nui pa feared 

payiViUUe/nevsv ;s ; the carfient requestor •> T-Ui it p<vyroem gaten a> J K usa 

i n ( established between the content distributor and the first plurality of payment
gateways. 

< a< it, > h | * i v in * 

ssidWiav vi ' i Hi 

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and not limitation in the figures of

the accompanying drawings, in which like references indicate similar elements and in which:

! \»m<? \ - < 'f 

embodiment of the present invention.

1 lf <U!K 2 U \ i i ' vH j >OUl 

i 1 v t v 1 i v s t , t «. ! !stJO<!i 

it h ! , O f ; i 1 < > < ! 

v i > tern 

S 5jjttt*4 ) i s>x . i ! ,^ 

user interfaces that together provide the functionality of a conditional access server,

Yi^ma % i if 

access Agei.t > ! 

,ml * v \> i v t i I i' 5 v i i I'lH I 

destination. 

ftauf' s i k <, <.r~ v. s a 

k \s 5 i, vfi 5 XI ! . < 1 >i U <^ * 
x * * . 1 - . img D an

exemplary embodiment of the present invention, a method of combating key-hook piracy by



key-book piracy 



*. s< iaryembodbtK > 



it of the V xmmi mveatioa, of distribuJ 
a n n! i) " \i \C v s Kiopoosha; to a teqacp: i ;be c 



i^fit, ill 

( <. n t »> ! <. t > n i >rv i i tut 



12 is a dov , nioso-abog a y iK obo<t < < j ;t to as n ipht v m t\ 
vrmtsoi al access service provides provides security f: 



Figure 14 is a flow 



a ,. . 



KmOC-d Of 

it tO 3B ASP 



of 
to a 



Figure 16 is a block d



i, tHtpmx (das a p oduct v. > to access ■ 



! ! ! <. us o two separate certificates, namely a user device certificate and a copy-protected
device certificate

Figure 17 is a flu* ) Kliag loan exemplary embodiment of

the present invention, > secure content for distribution via a network by employing separate user
device and copy-protected device authentication processes to protect content from unauthorized
access.

Is ss<, S >. v. t 0 u-le.i o v. i t ! eu^eouvo 

I t)!> ' UH < v }»s\ . k w <\ X 

5 t k s i i ! 

*%i'< 1 V V d 

ennos. 

S t' ! v ^ - ! k < Hose o )i 

exemplary embodiment tf the present iuveskkau that js nd » <*! iff < du < v s orxtujs m the 
ieu s o , - - u 

t !V « 5 * i i * ^Ml 

o\eo pa^ chiw dune-a >i iV p 5 _c rtlm u aih s 

u e > , s > 

f<lgynkt< - > ' ) e>! < i < , io ' i,<. , \ <>$ f 
> v i < i , ;s e <. d < 1 i 

symmetry 1 s; 

I > "«v v i i ( < , i< > < e > > left ' i 

the oj sv.» nvaUiot v t d < i * „ content via a network in a geographically controlled
manner.

Ftgas* H ^ i >!<><> t e> n it > 

■w» > v a P t is it s 

H^un 2^ s v v t jiatiwM t k kuNI 

i 5 > ! toatkffttopseseoi 

Figure 27 is a block diagram illustrating a machine, in an exemplary form of a computer
system, that may operate to execute a sequence of instructions, stored on a > v N
medium, for causing the machine to perform any of the methodologies discussed in the present

, ,i iOADOn. 

DETAILED DESCRIPTION

Methods and systems to distribute content via a network utilizing distributed conditional
access agents and secure agents, and to perform digital rights management (DRM) are described

a the Ml > f i orfic dekuis are set fo 

m <ndCi TO OtOt dv. > i v. s p v v. s s t 

>VWv f ! ! is! u t e 

, 00 <^ 

Overview

I i^iss os , v. 

s , I ( pre .ent r nest n 

viewed as comprising a distribution process 12 and a delivery process 14. Within the
distribution process 12, content providers 16 (e.g., a content producer or owner)
distribute content via a network 18 (e.g., the Internet (wireless or wired)) to content
distributors 20. The distribution of content from a content provider 16 to a content
o d i < n v * msrrbcv 

content, to a be g v r s < u \>n 20, 

Each of the content distributors 20 caches content received from multiple content
< i vv d cs'efa 

network so as to reduce network congestion that would otherwise s x a content o >
i b to distribute content responsive to every content request received from a content consumer.

t ' ! * ^ " - < ! . < ! (. M 

the do > < u v destinations 22 (e.g., users) within a \ ? i service area or conforming to 
s\ m, 1 oh i > i uoloinmptix neeosv,^ 

ton pu\.eJMi<w nut brwatd o kn i n s t ^ Jvdto ^ ex no 
dcatirauieci 22 c; 0 sew uwteni ha mi •< n cached. > y iwee a quest fur the ieievaot 
v. < * v v ) - t * if iih <it 

v. v i » ! l> o 5 he c^niuii dvins^U^n s2 

Typically, a request for content from a content destination 22 is rerouted to a content
distributor 20 located nearby the requesting content destination 22. The requested content is then
streamed (or otherwise transmitted) from the content distributor 20 to a media terminal (e.g., a
personal computer (PC), set-top box (STB), a mobile telephone, a game console, etc.) at the
o< r UvCn . , iib N 

Fs<s,m t i

i i jnosiie c acorsk-n distri un ^0 * nuiu desdi ctk-st k; uka 

provider 16, clear content 24 is encrypted utilizing, for example, a symmetric \ >. „s key

tt - ie« te &m tyjm& mntsM 2i s e o ©i fe 

y s s ^ i i * 1 % « <, . 

to this key potentially allows for regeneration of the clear content 24. The encrypted content 26
(or cipher text) is then communicated from the content provider 16, via the network 18, to the

! N \ ! h \ < ! ? J s o 

content provider 16 at is remote content distributor > may perform a number of operations b
a nsn. > ! 

The conditional access agent 28 decrypts the encrypted content 26 to ^ ,\ the clear content 24
a < < s P a t.Ps^ekii $ft\ tk 

i it < i ! I th u v r m r n it 

ft tUl !.< ^ ! { > OS! 

In an alternative s < », the conditional access agent 28 at the content distributor 20 may
re-encrypt the content with a public key of a copy-protected device at a content destination
>} hi t v o i \ i u ! < ! <. \ %and 

Figure 2 is a block diagram mi - egardh «s ft p

i s u ) n i o; locations of the system 10 to facilitate the t •> k < r k us\
processes 12 and 14. The content provider 16 operates a content provider server 34 that is

si > u m | s Ov •> 

co tea provid i ? -mpriseasto «s roc fess n- (c ; Real fen o 1 

\ (ossi m ! « t < s ! i na. t o s ( t 

media mercer developed by \K > v 8. I < i on state). A s« Jslsusai access 
sere . - x , ' \ SojPoo; favr *>ao 

Diego, ! I -> n operates to define and store access rights to content of the content provider
16, to peribnn digital rights m s ^. , -no' to eranypl < >.p i o 1 to on m c :sk .>•! 'ni 
| \ ! ss r N N ^ >. ■> v v >> i i 1 Ml ' \ , S(\ i» 

<s >f s i eglsiratson k s 

While the conditional access server 26 is shown to reside with a content provider 16, in
^ > i.n i o->-ts, nu s 

service provider (ASP) 28. In this case, the conditional access server 37 may ^ sr the above-
described functions for multiple content providers 16.

k c ?n - ' 1 < > s » o v > P w< U 

v. N v > s I v v. ! 0 > i < i 

! s s < ^ * f t s t | f n n 

provide svi <r i o,sP"{ and tevenac scenrip- w <.< s " providsrs 16 by processing eece.ss tsxd 

s v ] vx<s> ^moni^ 5 ' > 



, * v u^Isg key delivery to a content <fc3tH*«»ot* 22. KroaJly. the conditions! aceess . „ j i ? 
ex. Kv n f he s t n i ev cob up ^ i m. m \H) 

; sod cache product ho> tntotviat t n and a< <. t,*-* v a- < ! f > 
^ j f \ <. \k <. v ~>~ * sur 42 U sf 

i ! ! i U U 1 ! ll >k 

irons a convent deoneoioo 22 based oil access criteria specified by a content provider t local 
<. ik i i ni n ! > T ^ ^ *n — > 

! < , 1 * ^ ' i < v. ■, , 1 > V < ! <^ ^ < ^ v. S. , - 

* a v v , v. s u > ^ 

r22b os boh •>•,;* fevice 46 (e.j. t copyprotected 

i,< 8 s t * <. S I ! 5 » ! I 

* 0 i ! f ! ^ > I \ v ^ v Jk 

oij 1 !- i access client 48 reside:; ov a persona; conrpnter it may, for example, iaorrcb 

! | B ! ( i i ! !. > > V U ■> K 

v o i> content. 'The o < n access client 48 <s.;seee.; to -> >v • < < f a public Ley of the 

K«K j i ( < n * 

obit !> ; *ii j < ! i « 

lift ({J , v . . v 5 

forevicv I 
c undo, tss vj\v > k *? n . s i ilstoi ■ v ( v ;s 

' n operate is o with media servers ace viewing devices (e.g., payers} to psoteeied 

the rights of a content provider 16 in specific content, while facilitating the widespread
distribution of content. A conditional access server 36 enables the content provider 16 to encrypt
$ i i ! * ! The 

conditional access server 36 also manages subscriptions and provides h a and statistic-
tools to a content provider 16. A conditional access agent 28 is a cryptographic component that
ensures that access criteria, as defined by content providers 16, f u < 1 Conditional access
( i N >> <. )1 i i n i Mi die 

, i ct , v i . v , - - i < i x e ^> nut Mid 

ib \ v \ , I h In? i « c i tlx 

PC, a > I h and mobile phone, game console or the like) and manages an interface between a
secure device 46 and a subscriber 
fj Stiff 

mo - ! of a content im I i sy store 10, The f ) > o of ii;e varices components of 

v ' v J - ti o - 1 sionc ^ v 1! i i u 

context of regisoehoio coorsnt crdermg and Oansccbee precessing \\KPk«nS 

he content c stem 10 eons fa nun i > n< 

pnn o isc 1 ^ .n ^ < v cfo>nK 

heu .am ! J < ^ c v \ n u ! uk ^Ih s n > 



content, d;d;y programs, pnsdacts and services context including video and audio encoders, 
servers, players, u„ Mi and ^ht Web sites. 

Sic V < <. s v. i > 1 

& ,knv i tig fun etions ; 

(J.) > o oo a no is kvs s v s ! k 

(2) tine-: > s content security < «opy v < e io , using encryption and

watermarking.

(3) Transaction and purse management, using Public Key Infrastructure (PKI)
and eXtensible Markup Language (XML) technology.

(4) S, ■ < ? ibseripj based access 

(5) _ - !S <• K i ! iv tl ^ , i 

pis > » < i' - 

(?) Vk • 

(8) <va*n ! v 
architecture. 

(9) * i it e t < \ \ 5 < 

If ! f] K f K v v >v , v 1 I \ 

! > plat ! ' mi > I 

The above listed functions, in one embodiment, are enabled j , m by the following
components:

(1) Conditional access clients 48 are located at content destinations 22 to sign
content transactions and manage the content decryption process. The
conditional access clients 48 each operate in conjunction with a secure
dsn ce i I 

(2) Conditional access servers 36 are located at content providers 16 or at
u od » nv v ^v-r ^ i> <> ^ * !N W >os 

embeds vaf a 

content provider 16 may access a website operated by the conditional access
service provider 38 to secure content and to define access conditions (pay
per view, subscription, etc.) associated with the content.

v ! Cs v 0< O f O f H Oik h 

s < j > lure 

f s f i i 1 j v;m-dsma> 

v nerve u tn^c 

^ , v. d (.5 t 

pay~jrvd$&v>puaton»M« r n ! ! o>v 

and aesochsed p ; s in s c field. 




s d purpose of the immediately following description, 'sk < ! i d content has
already been decrypted by a content provider 16. Live content requires a slightly different
approach as the initial stage of content protection (real-time encryption is required)

'k-vk tn-M^or.. . * - - ■ : * <• ■ u' »>f\f 

h < l \ H S " < t v v i f is v. - 1 J ! v. i 

content provider 16 accesses a Web server operated by the conditional access service provider

I . », ' < h < , ? V ! ,t s ! v - V, V! ',,! M,"uUl 

if h.vv\« ; t s poke ^ <. - s he oj e> 3ro> dt >fo 

Si I > > i i i ! > <> 5 dv v. ! i ! , i s v s , Ivv i 

-t eiain 5 i s ' ^o t li na < i )u 1 r ^ 

pT t !Ud£f *OgUl 1 v 1 .Si i * •> Sf. K'i 

the content. A unique Uniform Resource Locator (URL) linking to v access criteria, is < 1 ' J

K vfM5 ! ^ x " s 1 1 

' ! s ; ! outcast 

0 s! 

destination 22 (e.g., a user) for specific content. The user may, for example, be running a
browser on a personal computer and want to view a content item provided by of a p Mod u
so ff < ; ' ! i 16. When selecting the content item, the browser detects a tag eamabfoig t
liliL. , s i i - - > » v 

persons; snp te cotnresnce a roarsacdow 

The conditional access client 48 fordoes a secure session with a conditional access agent
28 to request an order for the relevant content un If the content as is not cached at the
content distributor 20 as cached content the conditional access agent 28 retrieves access criteria
for the requested content from the conditional access server 36 and forwards a derived

XML signing request to the conditional access client 48. The conditional access client 48 parses
the XML signing request, displays order <- a - - v- ,o (such as a price) to the user and prompts for
a Personal Identification Number (PIN) code ' i * k t by way of a user interface. The

user confirms the order, and the conditional access client 48 digitally signs the order
confirmation using the secure device 46. The signed order is sent to the conditional access agent
28 that verifies the signed confirmation order and the user credentials. The conditional access
N s s ptoc« t i i o i maviv-- 

! , s. ! t d s u ( > n i 

An-! , 1 l )lu !( 

pc o More speefooai'iy, the eeridsbeoal ;;cecss agetu 2d vili ni foe signed 
uuhiosi>r> i < it no i ffhevm <. 

>mxd<ler42 tou| N ienre device < > ; don. for elearin 1 

commerce service provider 42 processes the transaction and makes the appropriate money
transfers.

The secure device server 44 interfaces with an external commerce service provider 42 to
<. i - h \ >.\ id > s < * payvvnt 

between the various purges (content oeeavr/p-revider, network provider/ISP, payment gateway. 

The conditional access client 48 interfaces with the secure device 46 at the content
d * s \ i ^ |m e KskvC A ^e jk vMre -te imo 

lit' 1 ^ the PKCS#11 interface to provided device * »

The content „si ; 22 may also employ h 1 devices utilising non-PC client 

lit i M h \ ^ > 1 i > <^ >. M,5, ,< , f 

] > if a ! ^ 'g.a \ i ,i K U< C. n ! !• t, 

pe>> } vlai< -run card. 

rhec \ <! t eui48 id secure: dsvic< > " ds ith the local content 

server 40 (e.g., a media server) and client applications to secure a control channel (such as RTSP
or HTTP) and data channel (such as MPEG4 over RTP).

The secure device server 44 provides an interface for external payment registration
servers (such as used for regular web sites) to allow automated purse s <>, nu *

^J.36 

rvc 36 j > c esi it. a « ' 1 si < 
or may be deployed by a conditional access service provider 38.
A conditional access server 36 provides at least the following functions:

(!) i 1 t < t N f > 



(2) v , , ^ s <> .:remej.nd rm-mu >. n > > 
fsabst 

(3} \ » n of dec eonte-d >ms keys; and key I st 1 i to the 
conditional access agents 28. 

(4) N ! i > i i 

forwarding <>-ed. subscription ' n < < a commerce service 
provider (e.g. a payment gateway). 

(5) Processing of transactional information (monitoring).

Each of the ab< motions * ow I scribe, , au»{ ovkk 6 

defines the access criteria (AC) using an access criteria profile editor (or Digital Rights Manager
- ; \ H h > n I > hs fh 

^iC'H. , i ; , H?i VtV 

upiondh iK' | s i u c ' i *tt guv 5 -hort 

O SC i> tk P \ v ^ i i O v i i \ I I vll ^'11 
subscribers request access to the associated content. The access criteria are stored in such a way
that retrieval can be performed efficiently (e.g., the criteria are organized by content provider and
location for which the access criteria is appropriate).

Conditional access agents 28 are assigned a certain location identifier (ID), s k \ to

same location ID. The conditional access server 36 will map the conditional access agent ID to
the appropriate region IDs to look up the access criteria that are suitable for that agent if any,
\^ lev at < ) > < 1 d<. ri v v1 to; 

! I s ? regions, there may be a conflict (one location may map to multiple conflicting access
criteria m$) To ul 

1 t ' < > ' o< < 

A COS t 5 ? ' 5 i ^ 

requests utilizing the conditional access server 36. A content product may, for example, have an

> i > < i i f ! s v n ; a o ' n 

as i> .i of a content product associated with a certain secure device that ordered the
product and a subscription start - end date.

A conditional access server 36 also processes incoming transactions and forwards them to
the appropriate commerce service provider be The content provider 16 may be able to monitor
i esseel transactions.

i ri,» <. * , i s o t i i 

and user interfaces that together provide the functionality of a conditional access server 36,
v v o tt > to oee s i > n <. ■> of the present invention. The below described server processes of
the conditional access server 36 communicate with external processes, such as a conditional
i h n^th ,v«.nk 

1 . s< m,h.,cjc Kkaio^^seontenipK^Kkr Hj\>as^:a,eda 1 

U i. 1 ; s 1 X ! { - ;s t s < i< 

operational eribks. Ptcdnes may be created srhfomg a profile rights manager 62, The profile 

\ > i i i > < ! i o d Of ) 

> mem* \ or <di < > » s t 

provider id to define smomi products dart are available - < ? ^ri\n„ . 

A cash monitor 66 is a user interface to > > n the value of transactions for a , n k ,

■. > K 0 ' M,l 1 . ' ' 1 !\ N C- ! ,s \t „ UU t 1 A| (I i O 5 

5 s s s UN s! i I ! 

\ subs.eu'peon s<;m ; ; t ^vi-cipu - n K s U x \>r hem ■< z - 

signed list of subscriptions) for a specific secure device to conditional access agents 28,

N s l N ^ s < f 

> »H s 1 \ s 5 km e , 

< ! s s ! s vM e ! IK 1 CI v.T 0 1 \i 
device serial number. A subscription form is signed by the access server 36 to prove

the .i .i > i < i >v :;:.:sri ee integrity. 

^subscriber server 72 is a 1 N ts eutvly psoeess sub 3ti ques 

A i t < < server » unbred k:< mossier rssessaobons n update the reabbme cash monitor 66. 
Below are set out a number of tables and fields, according to an exemplary embodiment
>> ^ vn' 5 i-oss server b6. 

•\ < \„ x nv. ^ ^><i>. rt source vahf ■> il v( s > ( o 

i i < t> i sysierm issso< i pari nwmi forac epdn U v s 

. ! i • ns or a debug level 







'Rsss>>ree.U1 


'"' 






Valise 












Mss&urceldk 
1 1 


n.e amour kvr 

«<s: represents predict irtioaoaimrs. 






Prodactfssacrf*! 


i o Uie pu^Ji-l 






■Sajiis 






Xhvt i.;: v.-.;;;ibiv:ar.:>J? with i-.-M h<:Uy,v .. 




S-----«H^;fiS. S-yiflV:-.-: 


IHaBiirwa 


AbSvUsO v&hse of rue ;hs <lUot: (&f : . : -e ej.i 
<;;sy, when 'DgtkSo;!' and > <!S ■ 
o keri < 








%ff<s<ttf a ;s >. ! >. - 

■r.<f..i;sao:i (ieSrfe v«p 




pr<xteei fcecotass auKfobfc ftrsak 



Product!. ' > i ' i nil th ^ c - 

I table PraduaAC ut v iiie access c-iteiia (usually payment) s > a ftn>! 





















Mitiiffiwn age (tee v.ss, if yo:.: wsn; w 
Save :?a;«':;as rat;."v Kmiiol ;- ; ;f pay;iR"« 
gateway. 1 s \ ^ 


Mas 




ProductJkmerM, < 

lis* table £p;;fo« repreassts regions; mfoKnatioa. 


'V' ; k: ; i,:' : 

















,pae key. 

> 1 k i - ' , v > tit J) 





i »!■. ^; »> 


GeuaayfsJ 




C««nfryOxte 


3 ;taicf:-:;- !A\.:>i>iy Cvsie as us&s;;! by ISO 
CountryId is the unique key.
The table /; (>,'{ represents the content providers 16 that have u>\ ■> — o i >







MercJtaattS 








EMail 









1 ' v Vttl SMO\kl< i 1 

| v. ' v \ k) V t. till 









camber 







EMail 


B-Ksatl j«5mess of sascr 


lUmHrnn 


(Opd»;;;a;) Tjairss of ;iw !!.;-•; 




x fights 

This \ a ^-.;y u> -ivc <t< \ 

, ■ v - y < * n -v^ ^ isoi 
i.; ass k> c^tai- apslksti;.-:;;; 
<sdy). 


SscretKsy 









Serial is the unique key.



piovid^ n?) thai haw a ciearbg agjreeraew witn -u. < i ^ ;-<a«>Um.s U 



iPGWMhrm (he unique key. 











AgaatSd 












Type 


Type o*\^*ni (io.ksa, KMC1A, etc) 






















CAAgestS^ to: (otKTjp t a 


PifclfcKsy 





nfeumqaekuy. 






!vn v v " *• F n met iC^e<i'i\ tqfcestms mc pa"vmcof gafcw are , i This 
„<v,i >. rcgios when svi uru -axrei* criteria to cn item 




f'GWki 



Subscription Tables

Ih su £ its i >i s nx uss cces^ 11 t c i rip ok torn sen* 70 md 
subscriber server 72. 

The table SubscriptionForm represents the m. that h^ v i issued U

s'i > bespit' on; eoniem provkbr < 



mm 





















ad kvieeSm-mi form the aaiqye key 
The table Ifcm4C links a particular item (content) sm access criteria profile and a

key. 













Ui^ce iters («>Btem) 50 


Vcmvptkea 


^ discernible? cotmn, displayed 








eta 








^^^t 



fhe N > icpsx t ^ N ^ cce* criteria m< link < ictual access 



n the unique k*y. 
The table ACProfileCountryBlackout r^Mfe
The table ACProfileRegionBlackout represents the regions that are to be blacked out for a
certain profile.











; 


CountryId


Country to be blacked out




Region to be blacked out



MerchantId, ProfileId, CountryId and RegionId form the unique key.

The table ACProfileSet represents an access criteria set (conditions) under which an item
is provided to the subscriber.





i>f:Si.,"Sptf'<tt 








































5 - N \ O 




\ 








Vjf-.vi.yj> t::<H: cVMfi- ; ft:;:i: vy-ii; {.y:jf •}:•«.- 

prk« 




0>i«S ia' p; ;■-«-■> ->:v;S:. as J t sir f;'yuy.<;i 


WwTxre 


■ finr. 


i v if Svirsriher ^ > e.;rs loyally y>;xc::iy. 






l^yy^. 






siiiiSBttsl age 








crista ham 




Loo:;: >;™ : - ; f r , s *, s -j i^>ok;oo so ; .";ss 




U-;:o:: >;."«• :.o >;.v;> biookros; ,;ooo ; os 


Do--Wt;x;o^of;s 


sfi i siiui&e: aag« 


■ 










isnf»roved p«rfs>rxa&»cs} 



MerchantId, ProfileId, CountryId, RegionId and SetId form the unique key.
Transaction Tables

The table CxskMordtor represents a credit counter for the subscriber transactions and
used for monitoring purposes only.



t'kli! 


!- j , j 


MtrchstSTii 


t't«oi;::i>! (coitisai v i 


KtWRJ 

















H «' < * « < i f S J( ! form . ufoipse key. 





t- o >< ; 
















Type 


Satrcrdaoa/fPV 




CaAgeedft 


l 10 




Tracsasifej? 







< - < ierr ihe key. 



> W ^ * ' O * \ \ > 

A conditional 3v , v ni pso> kK 

via a content dishdrstos' 1 A o^j'«iU:i<>ruil access aye«t ibb \ rl ans cxempkry embodiment of 
embocbroeriO is co-located with a iocs; comem < 40 \ "police" local subscriber accesses to 
pi K Kb. ! 

bvMv. kh > i-mch N \ tiiVaeoa 

tanUio > thai: k 1 venfieaboo of corneal destination (e.g., : \i) rsqasste for seenre 
o> t nt p t ! s access cntena defined by a content < C s 1 6, and (2) a gateway fyoction 
uk! dm* iu 1 1 < i tU )< n«i s <n t^? •> s • v n <.)( o j i 

security settings. 

Dealing inorc specifically wiih s ^ k ? j t « ami dt > > the example of a 
sabsedbcf as a cooiem i m .bb a o< ui access agent 28 manages subscriber access 
to ihe content by evaiuabag die access criteria i she j b ; credentials The agent 28 
verifies a fid processes the subscriber request before (and cbubng ■ vise provision of the reoaesieel 

^ ' ' O «. s v. 1 ! > ft? 1 

< s; , i ' to i'. e ( 1 

i< so? h b < , , ( ' s < t j 

s *- vojJ ecnkunavsoo t 

* 1 1 ! iOjptiyii), 

W, ^U ^ s ^ < U 1 i \ I I > i ? 

ilio c mditijuai av\Co> i ! wo ? 1 !> o * t i as. > s 

> t 1 s 1 < <<»<!( 

pxpykiev lf>. 

S 'in i v.! v. J I 1 » < 

allow a subscriber to view a movie multiple times within the allowed time window without
charge.

Not all conditional access :x • ^ say 0 .^v; all types of access criteria, I to
criteria set 

t i > now to h gateway kmcdon perkroeed by a eortdhional access agent N a tier a 

i I i ' kn <. <K 1 !s a ^ ! 1 

server 40 to 'release' the c< tfc it , k - q« tfcort r,s a 1 the •«* - is > data m< lud o o u* 
!i! address / post, subscriber signed ^ ckterra, ihe snbsenbor eerktksie and t key 
? ■> ah t\ - pahbi ke% v. ? of \az i v< \1 i 

access agent 28). The content is then decrypted, watermarked and optionally re-encrypted with a
n v > > v N'eyX 

\ o Im > t " ? 

(1) th s < * t > !U . ' s e 

. - 

(2) 1 ! v H i 

server 44. 

(3) N >v i - i Y\ } ^, i i ^ M i v 
i ioiii. N , .ptoses. 

For dm krterface. Ok agent 28 acts i the v. tern 

Use .NttLv-'l access agent 28 interfaces with . , ,>\" om! access server 36 to q..u> 

! H Lent 

The agent 28 also interfaces with the conditional access server 36 to query access criteria
and keys and to forward transactional information statistics.

x 0 , i ^ ? i i ^ v!k 

payment request:, receive a transaction (signed em request) and to pass any t messages 
(.such as service dcsnal based on insrdtksent debit/credit, u i > i v n etc), dor this 
s . t betver 

bhcWVK i V 1 1'' ' ' tk'I'On 

< 10 O * ! " vs.. ! ^ I t) « f t< M % U J 

nixo t tertaeing), lo th < u 

28 usually acts as a t proxy, < > out specide actions when the subscriber 

SeCOOOS UVCvN \..!CO v.-CC 5 . V - t iii - < (HIM if! >Sr >i. ! 

c^eBtkls). 

^ \ t ; U ! } 

I icH j>s 1 itK»c -jertnojde the ...i l. o it ik 

khwtsatmg %a en pore^os*! i K -s ^ s f ir.ytoa; 

^ m ' eoieotal processes, sued as the . i , ,t 1 a;;cess server 3d, .be sectrre 

device s« I conditio? s eiteni 48 utiiizi \b < s 1 

conditional access agerst server 80 provides a server ; o > , « n ef a conditional access 




agent 28 for the ekent/aeeet interface. A conditional access client 48 uses this interface to 

f;\ (-oiK osa! access agent s»er\er $0 to ^ompioto s wxim <MI -! s 
kssed rm a \ v.- i < k v. t i 

session, a s i v. key is transmitted io fee ^ i I access client 48. 

s S i 1, \i V N ■■ > Hi 

> ife > 

secure agent 88 to the secure device server 44 and sends the received receipt back to the secure
agent 84 to delete the transactions.

{ s sow: 8'- .8 0 m the o auk' > k ,meo m\ y...m sea the teu ewuue 
functions: 

(1) Keeps track of all secure (user) sessions (session id, user IP address, timers,
etc).

temm m k- a cor k si > 

<A) Snm ' - ! i cite and the 

cords' o ? access server public key, 
(5) Stores the registered payment gateways and associated Certificate
Revocation Lists (CRLs).
The secure agent 88 may, in one embodiment, be implemented in hardware to increase
the level of co t >cc«$it)' l 

Art exemplary s , oe 8 scenario involving the < * > 1m - , n>v agent 28 will now be 
described with reference to Figure 5:

(1) Content destination 22 (e.g., user) selects content

\ hC i Si. h < ! i 

oh HTTP, 

(2) Trigger conditional access client 48.

A browser 90 identifies a unique tag included in the content description file
and is configured to forward the URL of the content description file (e.g.,

e \Av Kit v. , i » < s , t s i ^ shC! 8^10 i 

e \Ik I iv , 

to start j 

(3) Retrieving content description file.

The conditional access agent 28 retrieves the content description file from a
t ? v <. Ll.i.Kiu M^itm man 

wu ft ^ < flu i <, vii i I i 



(4) Selecting access criteria.

The conditional access agent 28 retrieves the access criteria using a regular
;i tK > t c -Iua ^ ! , \ 

tree; ! previous session) The conditions; access agent 28 e \ \ a new 

S - S s.!s. \ J\ vSSs., v 0 

agent 88 verifies:

supported; 
(2) ih 
aid 

nserV&faj. 

(5) Retrieving token information

1 i\ COiR IS \ s i << < 

1 U tl ,. i !i < <• f 

purse levels and optionally check age restriction settings.

(6) ( t > 
B^sed on the x> x. 

acovss agent server 80 oornhoets an order repsest i '< c#sg and sends this 
to the conditional access client 48 for approval (or decides to refuse access
< > ! i ' id Vk ul ^ 

agent 88, which stores this .wjwam together veith She other session 
alternation. 

V ! I VI M. 0\ «vK\< 

I cs. nser signs &e ords Hi f Ji-t 

a jent >S\ c< mditi n;al access 

agent 28 forwards the signature to the secure agent 88. The secure agent 88
will verify c ^ •> w 

time, signature etc.) before granting access.
(8) o S , u c 

In a first exemplary embodiment, the content is stored in the clear and the
security relies on the socket proxy to block unauthorized access. The socket
proxy can query the secure agent 88 for session information. This is not
secure as the content is not encrypted and there is no control over which
reamed. 

busuvnnininV t in , ^! *mm^ 

UlUH? i ! < ( i i ' ! i 




coateat The socket prccey will * be a \ M proxy to provide i»CeHig^oi 

hi esse of perso:aa]ixed. ccso'enl security, the seonre agent 88 corneals the 

i\<'k - d N , i , 5 *r* i % > >o\p'u o e<n»c is 

supported by standard compression algorithms, such as MPEG-2, MPEG-4
and MPEG-7.

The conditional access client 48 receives an OK (assuming a positive
iuahotnlcatjon and o«:v uoea do- Jfvi,> u .ess o ,n > iv e 
reguli rHlT ecess jgftesess key eoctyp 

cud.-; hvu.-c puehc] p . 
(9) J { 

Assuming all went well, the conditional access agent transaction manager 86
forwards 

The signed order is also sent to the conditional access server 26 for
monitoring and statistics.

cess ( beat "2 

The conditional access client 32 is executed on a subscriber terminal (e.g., a personal
< s > x. (or STB), i ; snsponsibse for preseahog a user ineiK to a end user (e.g., a 
subscriber) and also .for n\ i , between dre secure device 46 and order secariry sub-systems. 

The conditional access client 48, in one embodiment, allows external applications (e.g.,
web clients or plug-ins) to manage the secure device 46. The following management requests
Cxs usrti i the secure device 46 are, in one embodiment, supported:
> b ■ is s hu\P 

(2) O < the states of the secure device 46 (e.g., error not inserted, ready, etc.), 

(3) i > ire; stains of bee secure de vice 4b; and 

(4) Querying the secure device serial number and certificate

i v si <> i i :eOvhffvi 

access ciierd: 48 also operates to assign cequesis, received irrex; m conditional access agent 28, 

, C v i ! v ! 1 is s > i 

S s v s 

IS s I < > ' \ } K << \ 

s X v , < x , S ? <ii < ! O , » 5 

W \ Sx ! s S > i , , ' i < 

\! ^ k^Ji s; | i f !, 

sis s ^ on the secure device 46. This sebseripboo counter is utilised ;;>y the < >t i 

-s . s libacnpaotH a, < cant 

ten- 



i o e< nd ~ s *"<. N < *x s. turn the 

'. '. £ ! ' : > l i i 

1 ss i i ceoaeta is ! d v } ^ v. « the clieat 48 displays ^ error 

message to the user, the error message including an error code and an English-language error
a crip on. in 05 1 > ead o.l 

1m the English-language enor description, i error message \ also coated; a I g < 
<m ' ! t is f-t t b j » teh 

5 > * \ > << i v \ 

' 1 e ^* - N < 

oticula; s e 46 i xen bodirrsent, associated ^ 

- U i < t < l I >S> ii V \ % > ■> V "> 1 ? V N t \ \ °* 

may be a dedicated device specifically for use within a content distribution system 10; a shared
device manufactured for use within a different system (e.g., a banking system) but also
leveraged within the content distribution system 10; or an embedded device that is embedded

iii 5 v \ ~" > ^ » i ^ \t f I 

I 1 g 1 vlh 1 ' > « > v " ( V *U 

<. d\ ! KO 

A mm! ' rerpurernem; tor ids secure device 44 is one exemplary embodiment, s that 
i si s ! e < 1 -> , d O) ' o ' d u 

close media devices need not adhere to specific requirements, other than providing sufficient
security to warrant protection of a user private key. Shared secure devices (e.g., 1 b > cards),
in order to be utilized within the content distribution system 10, are required to adhere to at least
suit ofd mmrements defmed below, this sxtbs* i « o in o if 

1U 1 >IK lu t ' v < >p i 

embodiment of the present invention, for dedicated secure device are set out below.

- „ \Ov\M\h 

a first private key for encryption and a second private key for signing. The private key for key
encryption is available to external applications without user PIN submission. The private key for
signing is only available to external applications after PIN submission.

! *. .ire ^ gi nit' v ih i 1 

device unique px > ale I eg 

s > , >< 1 I i m >< ' 

and e e cum 

« Ibibbc stot^ae, avadvtbV^bt suentN.^v. , in v J^'iis 

l s 1 t( i >1 I 1 f 

certificates (label: 'TdssificateT 1500 bytes) and pobbc free format system 
intdnnotioj abel S em datr - bytes he free i i i s >ftnatiott 
?ba .o\ s va dXM tcire t r; Hnhiq and otb iystem del 
0 uce te-rrut uns* krbtmaf ion (ia ! U -si v><> ^ k > F r <. v t * 
brmai 1 m id W&-&xm$ wlfS* y^^lisfriq «a< i ! ' ! 

tags. 

* v t U i s "'v. * I hi Ki ^ > iv ' ( 1 i° 

1 m c ho ii k i \'i--:n. ! e N } 

< i i f n ^ v >v ^ ! e \ <■ <- < p> ) 

The Secure device > sdso be prs-cosfi gored oith kvo pirhhe/prrvaie v pairs, arid a 
e t n wits ^ , vale key of i i ? >. service provider 42 (or payment gateway). 

This private key of ;he payment gateway is tested by a secure device 46 s « f ,> to allow 
the secure dos < < 
? si t < i e.X 509 eomplissi. 

ik ^v.uk I ! n ^ N i > 

< t - i > 0 ! ! e; FIN 

littFlMUMJiiepxe^geBte 

I 1 i ?t 1 t 1 ^etif.Nl 3 

one , \ i ) k proposes thai content be encrypted u a content provider id. and llsco 
distril »v i ! , t t : N 1 1 

(ISP's)). Conditional access agents 28 are deployed at these content distributors 20 to evaluate
v oot ch= ovists from croak- a < . ! , i< s .p x 1 v 

of * requested contest oc&ms. Upon appropriate nuo! \ t of a request, at: the eonlsoi 
distributor 20 and under control of the conditional access agent 28, the requested content is
decrypted and as h si one association g ^ . t > >. o<n <. on the content before it 1 i << e 
, i! v j > \ j •> ; h i ut i i 

may include personal watermarking of the content and/or personal re-encrypting of the content,
as will be described in further detail below. With respect to a watermarking operation, the

k <. t v. ! s s t u u 

content, and the identity of the cement s , > 1 k be detected if the derivative 

copy of the content is distributed in an unauthorized manner. Accordingly, ? s ceotenr <.< s \ t
w i'CMi 1 t f ^r- 5 n | <. 0 o t o * 

t v ! X !U t! H i i s 

V i I . i<! I ! > 1 < d 

key, mil k i <:e:;t;rice;es, that may be stored on s ianiper-proof device {e.g., 
card or m<A kai s j n i bk?ed 1 

< 1 P ^ i v )!">!'£ < d ! 1 

creates a number of Certification Authorities (CA) and maintains a Certification Revocation List



{CRi,} of a vi n Authority ' prevent n n <. access ssdih > ; o s v seeore 

devices 46, 

The content v < > system < w&kh deploys > . x i condHioaai access agents 
28 to represent the interests of content providers 16, provides a number of advantages. Firstly,
<n << security hmckonality, mtpknsmted by ii conddienai access agent 2a in the manner 
i I > away form an erst user device (e.g., a secure device ! increases security as 

f < > s * ! <, 1 k ! k k * " v > ^ o ' - v 

dtere are ceoneanic beoetks.. as eerunn security uui r is removed t<mh die u tieo^ 
d ;i .i 22, and is thus more easily managed and 'tnuioAi 

\ bilii < 5 Hi i i i 5 U 

, < U < i t i k - . s v t" ^ v vd r K 

relevant keys. 

makes it dbtksdt s< a hacker to i< , * , & ^ - t h ) process. 

!>i , ! ij b i. ' k-' OS:-' a* * ! ^ 0 ^ < l v i >s ^ id 

u s < I ohitur v ihbk 

The content distribution system 10 provides security functionality in a distribution system
that "pushes" content to the edges of a network before it is delivered, possibly on demand, to
content consumers.

\ i ' i 0 < i - i v ! ) 1 < b 

such as k \ GSM, or pay media smart cards that are already in wide distribution, thus
allowing for a large content consumer network.
< V OB s < 

embodiment of the present invention, of processing a content request received from a content
destination 22. When discussing the method 120, it is assumed that the requested content is
stored ao or redmOibated kom in tree ease of live t i s a local conkm server 40 (e.g., 
video file server ox K?uter) n operates in eoupmeken id a b i , agent 28. if a 

i < s ; i ~ - . ) - Wlk naqtaud sas\ 

At block 122, a content consumer, for example utilizing a secure device 46, issues a
request via the aeomA, 1A to a content distributor 20, operating a conditional access agent 28, to
v ^ s 1 o i N < i i •> u > ? c vU •> i 

etv o<i access dietit 48 excendng oti a eser vieoaag device fe.g., s PC < set kip box) 
nimucs v> i • i i<s, to 

\ v teoti»i, thv cort< u < i 

v ^ 1 v -a , m <m v p n\ 

eptionaky ;s <. > v - . - - , vd device certificate m the v - hi * < access agent 2A 
vt «. ! \ ' ibt. vOOicrit-dssoshutor^onTtl > n the «. > 

un \ 0« i .f i ]OV v!lttKUu,Wo[\lJ!J 



challenge: eoffioxobcated by the client 48 to the ageot 28 ;n associaties; with the user device said 

I tvlv T 1 t S ! t i i i ■! s. s. \ 

retrieves access criteria and a product key related to the requested content from a content
provider 16. As discussed above, the access criteria and the product key are encrypted with
a public key of the conditional access agent 28 so that the specific conditional access agent
28 is able to access the product key.

lbs r*\-v\ -^o\ > v x ^ v )v\^r^t!t 

28 issuing a request to a conditional access server 36, responsive to which the server 36 verifies

! n f i i o i <. 5 v 

access criteria. Specifically . access or x,> may dife par region* and mx-oreha - per 
endow ) teces tgen id 

The conditional access server 36 secures the access criteria and product key by
! i o ; ; ivK p dicco s a i i is c 

access criteria, • I i < encrypted product keys < the conditional access server 56 private 
key. f h o k v 1 v 

At bieck i2!k the cement diskkratcx 2d. arid i \ < conditional access agent 28, 
verifies the signature of the access criteria and the product key using a certificate <. t kb
prowfor i w as provided by a trusted third-party. A public key of the trusted third party would
be well known, and embedded within the conditional access agent 28.

In an alternative embodiment, performance constraints imposed by large live events (e.g.,
I <. i v. i tn d r l t< ,v{ i o > ^ vfg;ied 

in s a shared secret key as opposed to rise private key oikhe I t >n u access private key. 

U 1 ixl 1 ii Kes . vtn m 

ivX5>] | i ! ; > o it j ! 

XX \ t n 

1 t ^cmimt 
h a 11 , e 5 < t i t s o ' u < i b 

t v. I v v ^ , - » S > v w '* ** 1 lio:> 

v V * ' . , * ! S th Oa { ! 

> t> i etc., and is signed by the commerce service provider -12. hi ao <h < < o e i \ 
performance eonstxonts exposed by a knee live event may k o f that the infonnatioB 
c«»neen>vg kc ,-< tedv . i , - vie ^cv.d1 m 

v v en x ran v. -co > c o i " 

At block 134, the conditional access agent 1 > content distributor 20 receives
t^ -iom tlx. conenx^tdi su.^ 
kavinyg been - - d by the costem provider server 34. 

hj N $ 'he ix in 2 ^ i 
ecess eriteti 1 p 5 * dx t did and « e N kth entexti ibuioi i 



k< s n > order request based on a current date and time, signs the order request,
and transmits the order request to a conditional access client 48 of the content consumer for
acceptance. The conditional access agent 28 utilizes a secure clock to validate the current time

' 1 «. K C-*s C"\ i 3. N % "\ ^ - * w n BJ4> 

i o ^ n - s 3 m < o < ? > - c \S oc oj ^ ^ OP 

is j ■ pic*i v >uv< o s ^ n i i t nh) i tier^ne 

111 1 v ■, i ui! \> s * 

h t v < „ i „ s > < > v K [v v . no- - n 

lU>s' tOl C >0 v!l 3! > v. I ' X 3 i^tviAW-v 

3 0 > 1W , , U \>v v v N 3 (3 

< <.< ' „ - < ;i " , < > : > 

::.;;eure ,o uo< < > The collected data iaedtdes access critena, a use?- < 3u » a user 

3 3* 3 " l k ^ ( 1 5 

> ■> >< Hidk. 

If the request passes the verification process, the conditional access agent 28 then
m > s ! s v & secure session i\ she ooodibonsl access client - and generates a 3 m<. user key 

(Hi,;. 3 3 ! , 

3 < » O v. V t ' v S J ^ .Si 

the secii!-e session. If a ^ } device is not f I and 3 inquired do > tin 

access; ah the auiqce user key may be encsvnred udlrcinq a pinbhc key of 3 secure device 
46, 

Figure 7 is a flowchart illustrating a method 150, according to an exemplary embodiment
of the present invention, of securely delivering content from a content provider 16 to a content
u vim via at least cue content distribuksr 20s where dte cnuteot < s 1 * 1 20 > u s s a^ 
i> >>>•'-' i>r>eiado:o u a ^ ,\ ^ a or enerypeon} relating to die >s> on In die mediod 
ISO, the 3 least one conietn distributor 2G is uniquely *s < 3 < to pcrforu's 3 > t 1 . 
reiadjqq to she c<snte:n, 

v -v tC) 5 0 v-- 4 dv ! f > 

and more specifically a cond;uosari access server 35, of content d> ;r prodtsct key (S f; ). Tiiis 

i s ! ^ ! i I \ 3 t i 0 of 

particular content to multiple content distributors 20 for local distribution to content destinations
22, xdnnoo^l , ;c -< , , , , f n ^ , q- s<-ni< n ih< >^ t c, , sn 
> d v . >■ f ot i i - < s 3 j < > }i> i > i 

f \ ^ \ t tK - k ? 3 < (.3 i 

'V x s ' v •> i v v. r H w 3,3 3 3 3! 

i'OiTB a p I ' 

Uaffl ; 
36 oftb c t o<.dde! 6 s en enmypfs tie pnx o > s» 




i t< s or > . 4 t; v. mi ) i ^ hHk \s r } u 

ts the pub e k^-y at a . , * , 2 < . . .ax ,t ?8 

2he con < Biy ovider IMhen tusn^iss cnciyptcd eom>^ ' m, ti enerynaa pn \ 

At block 154, the content distributor 20, and more specifically the conditional access
u l >| a i f i ^ ( n \ 

tamperproof environment may be provided by tamperproof hardware, such as an aCypke;:
cryptographic hardware card, tamperproof software, or by a regular PC physically protected from
rs s? .< i d « 

ratir - d > i ' ■, i ! > 

u^dtaerihu " \>v , , ' ( <> it v uwdyc:ke>< agam 

within the secure, tamperproof environment facilitated by a secure device.

Having decrypted the contest the u» t access agent 28 then operates to \n1 u 
it in naatna !«t;\ , 

v t! oodernoubuvt a espy of £ content for dniiibakos:? to a speube content destination 

t n f « ; * ! ! ! < 

i i f i,M,^ ! , ; >, , ' - ^ ,^ . \u o 

the , a ) signal fx i I vvateuraekaev 1 is a process of waieinuuting a signal as a 

specific contest destination 22 (e.g., a content o >n e or user) k thai da identity of the 
• £ n e vv sit n s >n i t £ 

s 1 fciag of the cottet aOow a content v t .a - 1 £ 

provider 16 to associate a specific copy of the content, uniquely watermarked, with a specific

content destination 22.

1 , s i >a > «<i i 

again wbiuo the secure a << ! generates a unique nser key b.y, and k 

encrypts the content with this unique user key.

X £ < , £ ! £ >l> | Ml 

£! jf i i i ' e^cil 

protected, in that the product key is not exposed outside the secure environment. Further, only
an authorized entity (e.g., a specific conditional access agent 28) is authorized to reveal the
product key within the secure environment as the private key of a secure device of the agent 28 is
required to decrypt the product key. In this way, the content provider 16 exercises strict and
rigorous control of which entity is able to decrypt the product key.

i ^ ! x £ i i 

v 1 -.v - 'O v2 3 , ^ ! 3 ^i!>t\ 

produr e > s tribotor 20 theaalso m«(ypt 

k s 1 ,. | t «. kc< v < < >so.n I \\ btfxk " s 




h\ d s - ! UwU*?A« thcORC O < „ ik toi 

unique user key to the content consumer at the content destination 22.

At block 160, the content consumer at the content destination 22 decrypts the unique user

! <! i ! x UK K <. k Hi ^ m < 

key, 

A doeo ^ti-npa s ?U i idvamagsoos r 

u i o < f I ^ v 1 v <. $ ' 1 r tot 

i«tLo' 1 ' m.^u » it v > > i 1 1 Such 

eoemior^ m < , i 

1 > }u niufo i ^ u« il-M 

advantageous in that the operation is performed in a secure, tamperproof environment within
which the interests of the content provider 16 are protected and the product key is subject to very
" 'sure. 

In this way, a content provider 16 is provided with assurances that distributed secure
agents (e.g., conditional access agents 28) located at various distribution points i it to protect

0 t O- > ! ! \ \ ! i s. v 

i i a > i i s i regarding > i s s that ate i t t by coaient distributors 20 and 
the (i 'i it provider 1 6 is Pass likely to entrust t^o < of sensitive and very valuable content 
to such a content distributor 20.

Further,, by performing the t ? < n at block 154 i < s t < p i p o >j 
)i!!<. i ; >i pi v 

are reduced. Upgrades in a secure agent (e.g., the conditional access agent 28) are also more
easily implemented than upgrades to processes at et iocstaoes. 

In wc\ i the method i 50 enables an association u- u ^ 'a g , a waicrannki ag 
process) to be distributed to content dniribukns 20 located at ISPs i therefore closer to «ii I 

d l^uPe 

addiesses concerns of a content provider id regarding security resulting fmoi > hi order to 

|l t ii X t i l ' ! ' % > 1 

toil mu<i 1 be si ;k: i ' ia oi to properly perform the operation. The i nhod 1 So 
s ibu - n -i5 vaaneo': by > , - o.\ usuries!; is which the operation is perforoied, 

and providing the content provider 16 with control over which content distributors 20 are 
author; red s> generate clear eonkm within the secure, tann--: t wuh the 

puipeses o o i * soed operaiiciis, 

Mgdnapppg^ 

v-. - a<> mk ... 5^ s I bin fraudulent j-or^v-bute^ 

vAijpho- ve> v tins \2\>i! 'Ad'la > i o>m a sn; rbt-Oeaitie oiOd 

1 c 5 ^ i \ tem 
Figures 8A and 8B are block diagrams illustrating, at a high level, a osgkod. accessing
>tn x v .a \ toent >o icn t >v> h r„ s hook pi v\ 

specific reference to Figure the present invention proposes encrypting clear content 24 with
a relatively large number of session keys 98 to generate encrypted content 26, n v.
» > >J! the session keys 98 comprise a sequence of random, time-varying session keys.

* < pis t \ i ent t > j vm. <. nxwkit 

£i £ » > s a < < " ^ i C rfM 

vSstMj v ! \ ! s -drae l Aroa 

. ^ < s22. iftanaliernati s v > > k k tie ypted 

K s S , ) i,, > , 1 1 < ! ! J ( < < o 

by the Iocs; content server 40 for eventual emnb.mco a> a senkna destination 22. 

r\c<. i,a s 

oS ih* i s k i U Sj i u 

to h-o s ><! the emaypyd seamen keys re the conditional access a 2k as indicated at > 

f ! U ' f v t } i > i! S> v V 

of a s \ > k vi < dm access agent s re-:.: b , i dkmbote 1 encsypied product key to the 
i i i 1 m- < 8B u> k< a 

£ U S i pt O 

with the product key (Sk) with session keys encrypted with a unique user key (Uk) instead of the
product key (Sk). Specifically, prior to delivery to a conditional access client 48, the conditional
access agent 28 decrypts the encrypted product key received from the conditional access server
36 utilizing the private key (or secret key) of the conditional access agent 28, decrypts the
hApsctiCO ot\e;^;uu vo^ c \ „ ^ 

session keg si tst: U sag the unique uset eg gt pk m. ?k \ >> kc%sSs 

C\ MilA,<aC hi e £ , I h > 

j \ , u M < n ^ x ; v i < i s K a o the 

v > o ii i mi tn>tn> hSSat 10, 

key k ! ! 5 < t>' ! <( - 

encrypted sequence of session keys, the decrypted session keys then in turn being available
ui % ^ kc , ^ - \ ^ i i s 

It will be appreciated that, utilizing the above-described system, the product key (Sk) remains
protected from access at a content destination 22 as it is only communicated from the conditional

, t ss o £ k 5 i i O > > ! \ H i 5 <£ ' 

^ K -> , 1 < £ ! < <l ii n < 

<o k i ' access agent 23 utilicing a raanperproof device (e.g., a smart eard), 

The user key (Uk) is by itself useless to users other than the recipient that receives this
csv s kes w i te s 

Ct I £ 1 \ I !£ A d hi tJ*. < £ 5 ! id 
session keys to >; \n-ui- ■ ee user to enable \u. ne eej r\ ;„e J user to access the encrypted

- s _ ^hjj -^rgc mu k'i s^S!o«Uvs ,p n tc« o I m nk <■ > 
unauthorized users approaches the effort of forwarding the entire encrypted content.

h'u >.« ]ih n mov <> C * > >. 1 r 

s > s tetf< sdattfecc i v ion; s - c? < 
conditional access client 48. 

i ip re 9 is a s u is nh < «K) S &cc< ? > » x 

!! 1 ?! ! 1 U f, Is 

sequence of sessioo keys, so as to corneal xi key ok piracy". The method 200 commerces sit 

! i 1 Hli l! < "> 1 . K i v V ! V M X s 

n > S i , U s t K \ t > 

is accessed by a content provider 16. 

\thhx N ! t 

of session keys prior to if* * the content from a content provider 16. Content is
typically but not necessarily encrypted using symmetric block or stream ciphers such as DES,
\> *•> Rs k , , la

i ■. •. \ ill, iju.hd 

1 N i < i ! )i LMiMUk^l 

typically but not necessarily encrypted using symmetric block ciphers such as DES or AES
(Rijndael).

» ? < n ent 

. s ! < t s - s ' d dkii pom ^ 

' X ' V , i ! ! > O i < li'Ol 

At block 208, the content provider 16 distributes the encrypted sequence of session keys

- ' < (, < ' J - J SV i lU \0 ^ J i - ! t I i , ^ K "> H } 

Ui< > - ?!K<? ^ s v v ' < 

kkok , > d i < u o, n 

^< ! i s h iiii M K ) N 

I Yf !,)- IJ! ! %!!< t^s I ^ |i 1 v > << 1 > I >'U- 

delivered to a content distributor 20 encrypted content that a content distributor 20 is uniquely
v v ! «. ^ i 1 eu t ) ) s V! 

respect to the encrypted content and/or the sequence of session keys.

khm< l U ^tr va sin ik'm at i« u vo ? > s >yo dose crypted 

< Ofi"c xt i Tj 

oateat <lbt I igui !0A- HiB li < <> 

aecoukns; loon c^orp^D u«tK\ ^ f , ! f the priest irncrnion, <. ds K'kcx 
u t ( J s s ^ ; ) ' > e o i i i i ? > o* ! 
mt< he cir , > >! ,\ > that requested < ? ,\ is cached at a local content server 40 of a content
distribute 1f h ' » ? » u lodtm< < m mI 1 ') ms K - n <*• vl »e 
8. i < \ h a near reabiiore mseiser (e.g., <. a live sporting event). 

The method 220 commences at block 222 with the receipt of a request at a conditional
access agent 28 of a content distributor 20 for content from a conditional access client 48. The
request includes a user device certificate, issued by a commerce service provider 42 (e.g., a

i U> I h i v S < i v K 

do U'cceftsfc^i v. i ( i w i e i .k 

4v , ji A ? 8te v n 48 

\ibbvh2 s > " aCO)>di*{Miu{ access 

c o < \ e M 1 e t Co hctm i s, o^ - ; -a ;>to^uv e> iK ..wcuci 

coctetA for (A the product u (SA s which to decrypt the content amr (2) rate < ^ ' or 

s v MVtCfit 

At block 226, the conditional access server 36 verifies regional i > i associated
with the content in order to return the appropriate access criteria. Specifically, access criteria
> i ' t s ' ' i S e . > 

At block 228, the conditional access server 36 encrypts the product key with a public key
v c ' >. i ^ i 

' ! O \ it! { t < i > O iS A <? t V - ' VJ , \ , 

At block 230, the conditional access server 36 attaches a signature to the rule
a v s v «. x s i-> pj< v , ^ 

Mm thcixe-s - ov ket key. 

At block 232, the conditional access agent 28 receives the access criteria and cc i

! i ! i ! i ' , i l f (< 

certificate for the conditional access server 36, which is signed by a trusted third party. The
public key of the trusted third party is well known and t one u i i i i o \A<. within the
conditional access agent 28.

At block 234, pie coodAouai access agent 28 requests and receives from t > vn 
uc A > ' ^ , - i < , , , | \, «. f < ! i! i ooA > 

iP s s < ! , h -> «x 

> s j s\, star 42 

\Ae-o-, N A,; .\.i K 5 - <cc e,e c <. - mK |0> 

i v > i i\ t ul i o u i U' 

s ! i ^ s vnet36. 

^ „ , k . ; < , < h ><c i,d > < 

aeqeired iafomi&tioa <Ag s> the secnte device i' > ; r access criteria tied stihscriptbn 
information), signs the order request, and communicates the order request to the conditional
iceess ci-ent 4g i - )ukm«. 
At block 240, the conditional access client 48 verifies the signature of the conditional
ccess gen A oh" s I teturog aa OKkr contrcm ! 

<. ve >-> t a^^t s - 5 N ~ 

Turning now to Figure 10B, at block 242, the conditional access agent 28 verifies the
> j e se-s u:< u<i^\-^ vSsi $ > P v x k 

coordinate, subscriptions, current purse levels and user date of birth) within a physically secure
environment implemented at the content distributor 20.

At block 244, the conditional access agent 28 creates a secure session with the
conditional access client 48, and generates a unique user key.
\t 4* A 2~t n 

public key of a copy-protected device or (2) a public key of a secure device 46 associated with
ium]i ' i n 

At block 248, the conditional access agent 28 processes the encrypted session keys 98
< ! ;! < the content, the sequence of encrypted session keys 98 having been received at
the conditional access agent 28 at block 208 of the method 200 described above with reference to
I s un ** y n - - - v. - < ^ f ^ n 

decrypted and then re-encrypted with the unique user key. As will be recalled, the product key
was encrypted with the public key of the conditional access agent 28, and communicated to the

, J O . 1 ! 0 . ! o, kc"tO 

a WW 5 i tw 

At block 250, the conditional access agent 28 ; n tire sequence of session keys 
encrypted with the unique user key to the conditional access client 48 at the content destination.

\ ! 1 ! s , X I v 1 SS<}1\ V\ 

td > the onique user key, which was received by As conditional access client 48 at block 256 
from the agent 28.

\ Hv. ' ' v. < X I 

fifl < W< V v. n , SN > V V 

c edn i d 5 A 

A » ording io i i\ ther aspect of the present xm entif n, me as desct bed bxk 11; 
with reference to Figure 2, a pay media conditional access service provider 38 operate to
i , v f it i > A i i 

security functions provided by such a service provider 38 may be attractive to content providers 

5 V 1 ' i i As > „ I lit 

trrwPeuwn k<u->v t \ one an i ■ ! \> i 

sisgie eosteotpsovids !br 


Tire coAeoi m s u ( according to an n. 1 > , ^ k > ' . <J i x present 
invention that may be provided by a conditional access service provider 38 include the secure
storage and distribution of content encryption keys and associated access criteria (or rules), and
also the provision of a secure and scalable key distribution system that is able to manage a
potentially large number of oorrAai > v area?, 

lAgUUA? W ! < , < 1 ) . ^ - "\ », { 't 

a x- s a < -i , o: r 

!- <> < ,\ ) \ 1, s'^ei^i x N , \, > , ,diAi aCCb 

multiple conditional access agents 28. At a high level, content is encrypted at the content
> i shots i Ac!} it Ih 

V , \ \ A < t ' V J S v s ^ j t 1 I ^ 

thereat assumes respoasibility for m$a._ > of user au&ems'eatjoa &&d key distribute. £a 

dk "UlUUS 1 ! i a i b „ xU <. 

provider 38, instead of die tauBlioaal approach bmt .requires a ardxsAotbd AvesAxeat Asao each 
content provider 16.

As stated above, a number of advantages flow from having multiple content providers 16

I i i i ! 1 K ^ O i I \ 

m nbu cd 

no \\ v ^ j i 'kirn k>«, atotags. laid ds t. 

Exemplary security issues that are addressed by the present invention include

I . Karadom product key generation: b a, ib be appreciated that a product key u a ' 
by eoateat provider 16. in one u\ u is < *r (be., approaching a true: 
random key) and created in an environment tested by the content provider 16,
. \ piooucikcN p£ot«.t^vMrv(T.K anxsa vCtnhaamiKKAOxM o^\; - 

while stored in a database maintained by the service provider 38.
3 Apnvik . i t v , s nd» ^ 

4. The association of a product key with access criteria (or rules) is restricted to
authorized users only.



K vpxeiTK av i , t 1 1 > < \ 

-5 5 K s votv^guscs 12-15. 

' * \ ga v II i < ' » 

access service provider 38 is shown to deploy an ASP conditional access server 37, which

, \ v v. I O C ) t 3 if i 

m ^ bh u - , s w ki', > n,! < a > o>vd 

vcxrexa |\w. sow ^ A - - * s ! , ' u A ikdked bv die 

eonduw da, ,3^t^>. >T -pv-Nov -> j .i . 

irerfoxux ceriaia operations is *i) he d« need in orthcr deiat! helow 
A conditional access agent 28 is also shown to deploy an agent secure device 29, which is
smniariy used by the agent 28 < provide a seeate, o i\ ^ ^ t v. ^ is winch < 

v ! )THUUpH>\ide xfestboi ! ! k ' to 

> >U C < - V. <. t ■>> W 

! i si i. A n\ nphn 

embodiment of the present invention, whereby a conditional access service provider 38 provides
security tnnchons to A parties withA a content t <>n system 10. 

At block 3 a product key, and optionally the access criteria (or rules), are
communicated from a content provider 16 to the service provider 38, and specifically to the

i ! i ! < 1 > ^ < ? ! s. 

1 t > v\ -o i i uo s v . s ore*. o 4 - n 

conditional access server 37.

At block 234, a secret agent key is communicated from a conditional access agent 28 to
the secure server device 39 of the service provider 38, encrypted with a storage key within the
' ! >> c ^ ' . - ooider3S. 

At block 2 Ax a content provider 16 distributes content encrypted with the product key,
to a local content server 40 of a content distributor 20. As described above, the local content
server 40 operates to cache the cocoas' A contest, n one exestpiary s t > i i. f < for regional 

i s i An «• U V x ^ , s < < , 

with a conditional access agent 28 deployed by content distributor 20.

i i ; i .< * a 5 n ion 

agent 28, the product key, encrypted by the service provider 38 with the secret agent key, is
i > the conditional access agent 28 from the ASP conditional access server 37.
At block 290, the conditional access agent 28 decrypts, and optionally performs a
\h i<H ! v o > ^ i 1 ( K i < <. I i 

m q sh * * v. i ; - ^ t * t , i >s ' 

personalization (or association) operation may comprise a watermarking operation to watermark
the content and thereby generate a derivative of the original content that is unique to the relevant
as A x s : 

The personalization (or association) operation racy also Adnde s i <n i\ content 
with i unique use t as: desert 1 above 

V 2 v. K s 4 , v o , »« ( >e i A \ so, 

n v^oi tn i t t 

Fsguse " - , i m< a v \ 

i, ' ? » ■, > Si 1< < iti 

\ v ^ ! v. > eo <. i, n 5 

\k iv I 0 v w ■! f } i l 1 Uti i ! 4 < 

nusnbu generatoi 19 i;os optirswlij , pro ■ o >e C ss do tea ?, to f ten i % piov) it a in dt 
degree of randomness for the product key. It would be appreciated that a high degree of
randomness is desirable to provide an increased level of security for the product key.
\t block 304, th product tess s< sv 

Airlock ^ n.,<o mk c i , - na a 1 , v . > <. 

ebkentg the product key is identified. The encrypted prodae; \ is then optionally combined 
wHhfMs mis mt trmatio i 
private key of the content provider 16.

Vt block !V n i ' ' jched to the encrypted prod ey(an< 

> I i s x > f i i i i | ! >U ^lu ^ihf>o„ and 

provider certificate are communicated to the ASP conditional access server 37 operated by the
service provider 38.

lam now i activities pertbnned at the service provides: 38, at 1 h \ t* the ASF 

<. > ,1 ! \ , , i< , ,,1 > ' , ' - ,\ ^ - Wl . 1 i 

to, encrypted j I it , c x 

At block 312, within the secure environment provided by the server secure device 39, the
encrypted product key is decrypted utilizing the private key of the secure server device 39, h
'uHlxi < v! to? >> A v " 1 1 o'oaP- 

server secure device 39, 

At block 314, the product key is re-encrypted with a symmetric storage key, and stored
within a server database. < 1 < < o within the database 41, the encrypted product key (now
encrypted with the storage key) is logically linked to the content provider 16 that submitted the
product key.

In the event that rule information was submitted in conjunction with the product key, this
rule information is similarly stored within the database 41 and also linked with the content
provider and product key within the database 41.

By only revealing the product key in the clear within the secure environment provided by
the server secure device 39, and encrypting the product key with a symmetric storage key prior
to storing the product key within the database 41, it will be appreciated that access to the ? od f

i i v > s 5 The 

storage key is managed by the operator that hosts the conditional access server 37 (such as
8 triq) ad b cycled oo a k > m^s ; A k ! P t kx ? be secnedy 

managed since it is used to protect many product keys that in turn can decrypt many content items.

Fiaou \4 * > t v < so 1 

! a | i ! . , a f a> ' 0 

the ASP conditional access server 37,

kdtod - i u f 5 < n i u . 

1 i c\ w, - x ^ vt rreeoie device 3V. 



At block 33X toe - ^ * x . • i h uohV 

server sec* edevicc ! g *cxei k<sy is x ~> o cure co t» ale tea xtvveen rite 
server 37 and the agent 28.

%tb'>«.\^>f> b< i<X s XSK 

device 29, and tb encryax-d tit res key b «o smittc< to tbc kSl- condition.! x\ ?sero s 
37, <X ; xnd aii agent eerxbesie of the ageoi 28, 

1)1 s ! ! - , v v. v V v - V 

328, the eondxoxd access server 37 verifies die agent cernbeax aod u. e srd at Mock 

* v vUv > i P ! n s >, 

kfhkxi < < ti ^ axtv 

«. ! s ' u v. v <. s i sh s fh a t <■ r K\ 6 i 

re-encrypted agent key (encrypted utilizing the storage key) is stored within the database 41, and
logically linked to an associated conditional access agent 28.
I mm i i ' 

< > xhu i £ ! ! < ! . X 1 v v -. 

' > - jm i$. 

' < ou * on to > ! d w 

conditional access server 3 b. The request may be for license generation purposes, or for the
purpose of decrypting content stored at local content server 40 in order to perform m 1 >^o u n
<. , ! e > e clear content, or merely to o ^ the dear content to a content oesdoedoa 22. 

At block 344, the server 3d transmits the encrypted product key (encrypted with the
ox ■ ' < * s , i a \ \ s \ , \ i t . 5 i 'b v mm a? 

si «ax -. o ' ^ m e ,ec - i s 

At block 340, the server secure device 39, in a secure environment, decrypts both the
product and agent secret keys, so that these keys are only in the clear within the secure
environment.

c < - ( s die. <et? 

secret key. 

v int^ He e?Kt^ 
| s n \ K \>P 

coadStioot .se^c xxu 3 icarsssxbs ihe enetvpsed poxtnes t;ey;o;he ie>:ue«tegcond,itioml 
access agent 28, 

At block 354, the conditional access agent 28 receives the encrypted product key,
decrypts the encrypted product key utilizing the agent secure device 29.

! . te v - iv. oo,. \s di V X> f i , 

x s t , > s , i h Hi \ i 

x- ' ) 3 v s s M ( v "^p v 

t^tv! >x .^^ ^ .^k v vktl.Hoi >c iu'c c< u oxa xs itsotj 

a d oi oi , rvpted product ! , ^ t ^y, 0 
a content destination 22. \ t i the ! \ > ' access agent 28 dun uFliced the
Cvvn ykd s \oJt >\ k» a.<veiak" <Aar ;o-'U n pvcknms >\ <■> ^iU-^ n 01* t elating to 
the clear content. For example, the clear content may be communicated directly to content
destination 22, may be watermarked and/or may be re-encrypted with a unique user key, before
delivery to a content destination 22.

As described above, a content provider ! 6 may op&maliy submit rules ■, access 

particular content To Ms t- die ASP v >wl access server 3? may recgnn a valid digital 

mu v v. ,\ 1 o un J f w 

the eotrtem pnn idet « i fo 0 i vce;;nv-o. 

t l \ > V '1 <• V U 1 

challenge (generated by the ASP conditional access server 37), in a rule change request

i! v a n ' s < s ^ v 

permit cardies other than the content provuler i 6 to change or speedy role ' I o« 
i ! < | < i is » \ ! v I \ v I , 

*S r <n prf* s-Je il 

h">. This faoctkucFdcy allows; a sooioot provider 1 b K to inodify rck nhor; nation associated with a 
prodect soy that was registered by another eon tent provider kg. Farther, this mactiorrality 
adows a content provider 1 > < introduce v t ^ rules for a product key that was previously 
registered by a Father conksn provider < The pay media ani mo access k s 3H. n 
o tiibd )e j . - 'h mb, • , ^tins 

(1) Registration of a content item and an associated product key, by a specific
content provider 16.

(2) Linking of a product key, associated with a particular content item, to
additional now side cdenu a m.. and modlFcadon of the rale 'iofdonadon for 
prodm* 

i ! R - ! . I ; -> S t ] v < ! 5 >■ i 1 i 

d 1 - t i < < < ' ! > t <j utii Hi v <. 

fee new eon > - -ha , , ><! , , s < ,2 

producv..c ' > am 

, ! 3 J \ , ' V , i 

« efoi v n a> ! u s o ! ! i 

v h V ^ 1 v. I 1 s 1 | '( ,1 ^ < Hj< 

m content provider > may he rardaariKed to update nPes F>r content provklcrs x aud 1 o ;: . 
'Jtm^J1>, un s \ ) co , , ( i i > 

a\ d p« t c et\ 

and 1 t>f. 



v _ > o e ^ v s ^ 

As described sbo^e. onrrestte solutions stx? based a 

combro* w {_ >im > tin ^ ,nuu o <h . \ m s n P < sr sde - \.< »1 

card), !< ^ * 1 s" \ oiVitfeiisrtv&rtfn ^ 

4 ^ t w> v on ^> 1 >.v ^\r'ik idocs\<>f 

ipss , i j \ < ' ! ' IK ^ K ^,c*>M^om-tn < 

content via a specific copy-protected device purchased by that user, and into which user
authentication; o ) > is integrated. For example, „ t m v user is currently sot able to 
,f iii v a STB, owned by a friend or relative thai ihs s -may be visiting, to viw coiuexrt to 
which the user is a subscriber.

W\ v s one aspect of the pxesexa . 'Vt>n, bos problem may bo addressed by 
logically separating user authentication functionality from content security (i.e., wou'raed
I t . t i ■ n » s 

system 400, according to an exemplary embodiment of the present invention, thus provides a

podu .^v to t\*v ,e e | < | 1 ^ i *. i o\ > 

ho I \ > s, > ,d < ,e , . v , w I f <■ a < 

certificate for content security no ' More specifically, the system 400 includes a

secure conditional access agent 28 that communicates, as described above, with a conditional
,\u v. < I i Is ) s > * v < 1 >^ 

dwne~0 i ^ ! b 'V 

(e.g., a software based tamperproof decoder or hardware based set top box decoder).

The secure user authentication device 402 is, it will be appreciated, associated with a
us8x s and «" thns tvpwevb iK\ < i> rep 

protected device 408, on the other hand, is associated with a device within which the ability to
copy content is disabled (or restricted). Accordingly, the secure copy-protected device 408 is
! ' f s > i vd vi I )uo ii i < 1 or v H ! 

( < ouh - ^ t t <. i a r ! <■ k i s > } < o ^ 

shown to include a respective device certificate 404 or 410, and a device public key 406 or
412.

' l" > 1 1 <. < a < 

! s . i ! t C ?! 4 it t a s 

employing separate user device and copy-protected device authentication processes to protect
content from unauthorized access. At a high level, the method 420 includes associating a » t
device .!i,v co- process cab ,.;,c-i „e - - no u , separate, copy-protected device 
^ > xdt t .e v< uiejit. 

v O U„OK " I i v ' & 

o t i v. Sv s ^ v. 'V , n e - nh 

a\ m m > 4t N 1 s, c r ; i ros the uses devk 
signature a to the secwe tedders >. es « u block 424 s

conditional access client 48 receives a signature and certificate 410 associated with the
copy-protected device 408 and transmits the copy-protected device signature and certificate 410 to the
conditional access agent 28.

! ^< JOTlit^s J t.N,« v lllG C^MJS^dcUui vaw 
i - i ! i sc J f it ] l\ v >s > v 

t y,;s s ; < n « ilk! 

v < > , , , « x pm uu! e v 41 v 

appreciated, is presented to an > < i < > via fee ik 1 J copyprotected device 

408.

s U \ < n n < 1 1 i i v. Ov s k 

copy-protected device 408. At block 432, assuming I verification operations is performed at

> k « i i » ^ j t \{ u«i i < j n 

ih< > < < < t , i -> v. > x d 

conditional access agent 28 authorises f i i of 4 encrypted content to the e »ot\ < , 
n < 4 4 1 1 ! < n «. > 

^ in < > f; , ) ^ - ( < 1 ! ! > o MP tk4 di<m<n 

v hetou a v * > 

•Ok S'Oj - ( 

In conclusion, it will be noted that two separate and distinct authentication processes are
t* u 1 1 t i. n t 

authentication processes verify separate and distinct user device and copy-protected device
information (e.g., separate device certificates). By separating the authentication processes, an
authorized user, n v exemplary use scenario, is enabled < t a s . > n device of a 
rest and eicu son i i f 

\n<< V ! \ "< ! t id th 

n:o be e nCKco can a ;\ooc d .vnntnre --it 1 op \ ^ ? . t'd , u|i 1,m tiros 
enable , > < :oi v is tin ! sf ->n< , oa ; n \ 

\ < ( 1 at > -st 

a j I k ; N m " n < > ,\ J Ubibi 

! ^ n x - „ 1 < , h ! -3 v > 3 n pi > ( 

(e.g., a user computer). However, such content licenses are not tied to a particular user, and thus
v one. ^ s ^ ' ; i ; ! H ti s« n > < -> s » 

from a content owner (license issuer) as well as a user (license holder) viewpoint.

I > one aspect of the : posse* boo, a s rsa« 
<*n& \l r t i ? i to be kckd ) a been 

! 3 3 \ uOiA f t 3 5! ib 

mm a ootieatit evic oseord t eet of i r a ireenbon mt 



of sect-dog content { a < ro a network would include the operations of method 420 
described above with reference to Figure 17, but differ in that at block 432, the conditional
access agent 28 would encrypt the product key with both the public keys 406 and 412, as
opposed to only the public key 412.

Figure 18 is a flow chart illustrating a method 450, according to an exemplary
embodiment of the present invention, of communicating a product key, encrypted with the public
keys of both a copy-protected device and a user authentication device, to a copy-protected device

utilizing the public key of the copy-protected device 408, and then again encrypted with the

l > S ! v. " i , d > W K > 

d > 0 , s. 5 , ts K i , y ( ^ s. . , 

< i +0? to s«U d k <. To order 

to prevent replay attacks, the copy-protected device 408 may append a challenge to the encrypted
h< , > <- < ; 

o<o e . I>utt» H <. ».-+53 s aiWi> 

i , v f i v it ! < i a s > i\.xkoi 

I as . I ! 'i , .-a- > ^ , ^ ! ^ K „ < $ 

At block 454, the copy-protected device 408 loads a content license, associated with the

K 1 i \ ( ! >! 1 

;tot> of ao mii conked licestse 470 » ' c> be loaded id: block 454, As 
illustrated, the content license 470 includes a machine identification identifying the
copy-protected device 408, ouknS ! « identifying the requested content, a twice-encrypted

product key 442, license ueage ~, t * -s a signature of the license -o»k and a n to tk of 
the license issuer, 

R'uiwuhF^tulS ! \ is tihi 

' 1 i 1 ! I 5 T > N 

is included in the license usage restrictions. At block 458, the copy-protected device 408
no « Keoeseo the 

i ' authentication device 402 k> decrypt the encrypted prodeet lope and also issues a challenge 

kf iUH x < > 1 ! < i 

authentication device 402. 

M <■ k ■> * < uouu >.- 

O ^' , d v j ' » >, C « \v<~f}tH 

challenge.

XSikvoiiOhl (. 5 ' 0« d < 

I , ss v > d ■> * <. > i j fs ! ( Pi 

encrypted product key utilizing the private key of the copy-protected device 408 to reveal the

i? ><« v v \ •> < * ^ ! f j ! 5 \ i <d 

to decrypt the requested content.
s I >ve < vsw,' v.spaofiheptc»trot mvorttiOii i - nth id mm exemplar]
use scenario to secure 1 s t confidential data > - d toy and stored on, a copy-protected
device 408 (e.g., a user's computer). Depending upon ns*r\* u ui

h ) i > 1 ! , . „ h n ! ! ^ n f v 1 K ( v. >. i he 

< \ f i to s > k^twaone 

.l.i£enM.£i^ 

to 1 N 1 <5 X i 

UK,...!! i » ! f HM > i lis 

1 , u is i t ! s > ^ ^ v. v\,k» u»vUo\ <«o mr^'gitv 

private keys, and associated o> i authorities n be high. 

With a view to addressing the above-identified problems, the present invention s ui
one exemplary embodiment, signing a license utilizing a secret symmetric key. In one
f> lisn ire ret mrm; I < uprises a produe r that encirypts content to which 
she ) .nv' r^i , -s to 

utilized to encrypt a product key that is in turn utilized to encrypt the content.

Signing a content license utilizing a symmetric key is advantageous to in i I 
t s ; g s of a symmetric key operagoa are » ,t < > >. toss < the eotopatadustoi 

<. > NO 4 ! ^ A ^ * !>*to % *' lV v i 

distribution infrastructure to generate an increased number of licenses in a potentially shorter
time period. A further benefit is that the additional costs dwjii, "os a public key to.^ooenne

i ? u s it 'ii to i ■> h , 

key; this product key is known to the license issuer anyway as a license will typically include
such a product key.

Signing licenses with a symmetric key (e.g., the product key) rather than a private key
allows anyone with access to a product key to create lu <u than , tiKto, the

; n ot sheens to eet sod liees ; is e;s 

to d< of the present invention, of signing a content license wh izing a < it » to > key. 

* i o \ v , , i i i n i >v < ^ \ iu\s.4M tk 

^ n \ - i i t 1 i St hi one 

u !K f! s . h < v. ' to i s. < i to 

to - v - x 1 > sesyrn e> S oUri 

1 to \ . to> s f 5 > v. > Si' 1 ' 

associated content 

A.t block \f the contest provider 16 proceeds to to) s da rasa.;'-. K itk 
V V a. V ^ ^ >. s..u v to s 
Atbiook - tke <. n\ i provider > ?ht:n distributes she ok i o the associated
v o !u. > i v >v i j e > » *jt]f**u<J \t Of thrum to s o->iv«t K\jjti n 

At k\ > iC>COV\t 

p g,30\n - i* < . 1 k ■■ ^orue Ua 

may be according to any one of the methodologies discussed. For example, the symmetric key
may be encrypted utilizing the public key of a copy-protected device 408 associated with the
recipient.

d > v. i s . I kg Ioj. 

example, the recipient may decrypt the product key utilizing a private key for a copy-protected
dsv *a tf <^5'\u^- 'b its i iV . k i t%5 a \ jv 

eors.tesd decode 

15 ao • s s. ! s. 1 ^ . * ax vpx e... ;txe epi sucdk 

decrypt the content utilizing the symmetric product key.

IrifjPH^ 1\ k * ^puiii&rj re Ms 1 o < 

exemplary embodiment of the present invention. As illustrated, the content license 496 is signed
utilizing digital signature 498 i > form of a symmetric key. In one embodiment, the symmetric
key is a product key with which associated content is encrypted. The content license 496 is

1 1 > < < . s > k us , 

t.kk hi differs in that v. bce;tse odd p signed by the i d u key, as opposed to befog signed by 
a license issuer. 

t <i> > > , ! ti c > ! - o lnj>)ii 

exemplary mfeodimest of tke -pm&nl n> s of generating the digest signature 49$ for; § 
keens! d 6 uiil svga cyan (c \ hi ks 1 

" si ! i t t i - -Pi i s ! < r i 

hash result 512. The hash result 512 and a symmetric key in the exemplary form of a product
key 50b provide input to a signature function a } 4 that generates a digital signature 498 bar 5n<
r , eo inputs 

Jstissre ? Ki'ii; k 1 vnrf, 1 «' n n 

the present invention, of verifying a content license 496, utilizing a digital signature 498
generated utilizing a symmetric key (e.g., a product key).

The license 496 is again subject to the hash function 510 to regenerate the hash result 512. A
verification function S ' - receives the three inputs, namely the hash result 512, the symmetric key
a *0 c !t s ^ \ , no 

n ■< s ^ » s \ aitkvitioatu:\1ior^ , <v - . , Rjytiv'i - - ' 

titiiariog tk - tlrree xp its 
?< N < ^ vk ~ to h v '
to provide a content provider 16 v
number of reasons. For example, a
net worldwide, but need .to 1 



< 1 j h ^ itoo* 

At a high level, the present invention proposes that t > > s ! 6 encrypt content
< i, h t > ! t > i s gvteJ cenn 

f v i. < s d < n> v. i s i ' v > . \ v > v - ■> ^ 

key (or keys). Prior to communicating such encryption keys and content, according to one
JV-.; to to present reunion, a - ' and/or a copy-protected device are air to >nva >\i with 
sectnn ton < devices < PKtoenahied hardrrare devices such aa smart cards or USB e 
foUn^) < to > < i \u d i e- e:to op'.epiiK 

e, = i - to st si k > < u ette r 

n destination 22 

I i„e t to ! 
> tntovs v >t i ' ! > , \ u to O > i' , 

<<.<■> < { - < ( s ! , K , > 

! !i U 1 ! ! f ? ! i i i 0 \ 

m o\ (1 to toe content destination 22. The ; x * i s for -. u > be received at <.< u i 

k v ! I as. ~> ton , 1 on ! n t } i to* i 

v ( i to d (it , k i a 1 to> Si to ii n I > ! < r < Ik 

conditional access agent 28 may include both a user authentication device certificate 404 and a
copy-protected device certificate 410.

u ---top-,.- in-)! . - s ^ e ito -si rr - .dto<! ne,n>trtevea 

access criteria associated with the requested content from an appropriate conditional access server

^ d < v \di - < s ! a > <- Sb . , > << ^ii 1 ! 1 

includes geographic access criteria specifying geographic regions (e.g., countries, states,
pin v. o s Is s s \ < if s s n s. s. Pi 

geographic regions. For example, the geographic access criteria may prohibit, or alternatively
authorize, distribution of the associated content to a specific geographic region or regions, for

H s to x \ K «. r T i i 1 < d i I l !K to 

any geographic location identifiable by any criteria, including national, state, municipal, city,

urp.ru wrneTPsc, tko< 

\t block 554, the conditional access n x v ! n i 1 \u8$i.orm 

catktft process that, in o -<-l dinn ? > \ tun \ i >? i nm 

•> s •> N i iht ve->s-p sM^ntad r , ' ,cc ^d^ n d < i j a 

certificate. In an alternative embodiment, at block 554, the conditional access agent 28 may
i i kisp of the delivery address of gje tww* aHtheufc-atSo evi -„ b
> n ! !(* 1 m the ) , device certificate 440, > yet a further v N \ v dx 

cc- m ^ i v s «(,a^n ^ 'ooh'j it, v-sh iiv ifik^n m'u 

n u > , k J h u n orro i K i.Uv u 

C^ltCiiK, Ot ftO "(I s t 0 tK ^-crt 1 vT" ^? f J >, \ XT 

At block 556, the conditional access agent 28 determines the source IP address of the

SOvj •> U. si < 4 ~ \ K 

source IP address to a geographic location. To this end, the conditional access agent 28 may
have access to an external geographic location service, such as those offered by Qiieva, too, or
Sh n - % - » <. v , > serf v s 

\t cock >5\ tiK. wrtc so 
included in the access criteria retrieved, from the conditional access server 3d. 

\0iv 4> M V , 1 . v. > ^ , . U > V > k 

„ , d*l . ,le i ss, . t a' tU'^li li 'he xrpm x 
location associated with the source IP address determined at block 556 comply with the
geographic access criteria. Following a positive determination at decision block *> the

conditional access agent 28 releases the requested content, stored on the local content server 40,
for delivery to the content destination 22 of the content requestor. On the other hand, following

t , g i s ! , i < ti s ui'o t?i<4 

at the content destination 22 is blocked.

It v.iU U 1 i 

! < digital rights management and exercising geographic control over content vioon For

eo, pk nffl.vo > v ! I ! ' > rd 1 fl'SUi 

t nn n \ lhat udsh > access sports events broadcast over the Internet frees a. t n of origin. 
The sports clubs (i.e., the content providers 16) can, utilizing the above method 550, verify that
a content requestor is located at a content destination 22 in the U.S.A, by verifying the content
requestor's digital certificate and signature, for distributing encrypted content and its appropriate
key.

1 » K > t n o n u h eo aOd v n a uv,; . i n vi . d en e . - , > < a d 
1 » i i i v n rthon ed 

_c i ] hi vn > * nmum K on. Mm! dno t 

g . | > f ^s I U V ( O .1 d II i MH 

n v. > > i . one VovLetT 

geographic locidion. Costenia^dk^ as$ ortly deli vered if it user has accc-., to a user 

i ' x < < ! all di e s t \ H > k i 

O »! s d .Ogk* . 



Trruhbonai Is; payment solahons may > iv a user ^ provide femcksl 
mfm vm\ u m o ^ P$*S 

obtain content. This potentially creates barriers to entry for a user.

According to one aspect of the present invention, these problems are addressed by having a
>w \\ 1 *< " ! 1 ' OK 

gateways through which the content provider 16 will accept payment such that a preferred
payment gateway is highly ranked in the ordered list and a least preferred payment gateway is
t ' > !< so i ! i 

Upon receiving a user request for access to content of a particular content provider 16 at a

k i I ^ i % i>k \t o 

i \ i i,j t> oivion, mij v,ottiil io» 

example, a content distributor 20 hosting the conditional access agent 28. In one embodiment,
the list of gateways presented by the conditional access agent 28 to the content
requestor is dictated by the content provider 16. The content distributor 20 is not authorized to
add payment gateways to this list, but merely to reorder the list to reflect an existing mi
< i ; < < s < n i 'nfems ( l« 

i n < t N s t v ! ' m t 

gateways to that list. Specifically, the content distributor 20 may have established relationships

<h ' s * j * 1 ' b n s 

case, the content distributor 20 may include such further additional payment gateways in the list
presented to a content requestor. In this case, the content distributor 20 will assume
ferine appropriate iraas.fcr of the femis to the m n provider 16. 

v if B 1 i i I v> W ,\ WOU 

« I mm 2 i < a x o » > 

i 1 k\ > n N 1 i , i 

the present invention, the term "payment gateway" shall be taken to include any party that
M - s , ; bo<> < \ ' nnarKiii 

■> - ^ - . ! ; 5 \ 0 >i a v ! 

iu < > m * (.a; ink! < u t 

i ok j 2fee*se La ;ifo\?Jmg,w 
t M s . s <■ m < s < v > • <i i x 7 t> a i 

bank's payment processing system, a payment gateway may operate to translate messages into
jibe? Ibrmais (e x ^ , fotaa 1 m * \ > < u 

u s ? v to kuav ^ p,>\di N sin si t i t n Ma.oy 
Figure 25 is a flowchart illustrating a method 600, according to an exemplary
u u i of d \ t iovenooix to dynamically v o a s<x gateway to a comettt 

. 3 V ^ ^ . . , t s - 1>\\ >2i 

sbv tk 1 ) \r orrti- a 

i i * _ i. p % >> hi >s 

< t ! > i <^ , ! t < 1 f (ll^n *>t ! V 1 ' sj. * i. >5 

Pi < vU < > I \ y i 5 ! 2 < J 3 > ) v s ^tt 

S 5 < > i 1 i < i > ! «. v x , s i. ! . - 

i Si ! < ! ! S ?! 

t t H 3 : -h. V ..XWWWSW ,tlc t ^ v.O fl 3 O 

- nl'\fi u> of the present invention is provided with an additional "rank" field that indicates

t ! P3<3th. , I } S3 ! ! <■ t 

gateway by a content provider 16. The ranking operation performed at block 602 i i\ the
identification of a preferred payment gateway that is identified by the content provider 16 as
being its first choice of payment gateway through which to receive payment for access to

^ it i \idea, 

<> ! i i i i i i r \ !3 ,0 

of payment gateways according to relationships established between each of the respective
content distributors 20 and the payment gateways, and again each identify a preferred payment
« - *\ b the simplest impieomotatloix the contest distributor 20 Itself may >V 3 .n* a 
>x \ otf t 3. u,v> rs mo aot have established any tekedoeships t ids party gateways. For 
of 1 t. ^jtiopajeay: n operate both as a content distributor 20, and a payment gateway, 
i this ease, > u < may sisnply Identify as !v Esche@Hon>s 1 \ ' as the preferred, 
payment gateway. In a more complex implementation, a content distributor 20 may have
established relationships with a number of payment gateways, and in this case may maintain a
table similar to the table 'd i! p n of the conditional access server 3d.

Oil 1 t M 3 s ! < n 

O NX v ^ W d t , > >! M .to 

inksrroatloo as described ; <. access se;:ves: 36 of a conteot provider id. 

According to the present invention, the information communicated from the conditional access
server 36 to the conditional access agent 28 as part of this < us > 3» > includes a list of
payment gateways accepted by the content provider 16. This list of payment gateways includes

b v ( s \ , 0 < 3 < < 3 ! j 

I i st gateway. At block <. tlie c&;tddioi;;b a;x:ess , dd also ioades a h > < t as 
;c vlubxi a xm'-, d h-t of p,p txcot „a oh •> - x i k i-' ic te3x ha. 1 sa' 0.. % c- ! d. Kcis 
, X bv hy tlx: x > s " h\ t ox 20 

3 3 ! i . stributor 20 ha 

3i ^ t V 1 'J v V 1 i * Oil! Nil * 

TC'dp tt\ X l i J 1 ii i 5 j< 
if appropriate. More | ' ! in one v. * ^ ! >% * the conditional access agent 28 may
reorder s ; * ^ s payment, gateways to reflect i lu^ < ^ v ! 

\ \ i \ i > ! t <. s > 1 m» 

r :<•!=• s toipa e:nabthbed bsoveerj the content nxptesfor and the,^ : at ctoossw.* i!0 syce- , imhe 
case of EsiCitefcgS&SHp another third-party payment gateway. This reordered list of provider-- 
i ; f s , j , i , si s. < < u n gu T < in< 

i i-ifiv. 1 i . o < s bn ^ -v. 

hi a t i* jvi ^ > , ' 

thebaic! n spied payment gateways to as; oh payrsseni gateways wdh whieh the eosrteat 
b far»" w ! . ) I lei so? 1 !. h ; I v \ , S\ 

relationships In this way, the ! of accepted payment <k\ic m> rosy he expanded or reduced, 
s p < - I t < si, ^ s \ ! . , i i Ik ' U i K e2 h ' 

list of accepted payment gateways will again be communicated to the conditional access client
48 for presentation to the content requestor, with a preferred payment gateway being identified
for presentation to the content requestor as such.

On the other hand, following a negative determination at decision block hod (i.e., the
rvS»ru.t\ t<"puy \i. 

access agent 28 forwards the >> I : s - of payment gateways, unaltered, to the

i j * i access client 48 for h a te the content requestor. In this case, the preferred

payment gateway, as identified by the content provider 16, will be presented to the content
requestor as such.

, i » > j > ^ . i ova> that? 

p s ,h to the access requestor at block 610 or 612 is j s I as a I < < payment gateway.
In one embodiment, this may involve presenting only the preferred payment gateway to the
content requestor, without presenting other options. In an alternative u . t i u Im of
I i s «. j gateways, with the preferred (or default) payment gateway being selected in the absence

< Sv. < < , Ot tP ] N * > ii ! s. > 

,; a wt.o.y w,,. * v v ^ - , ; .^6 man t ' ee.»ter,i 

! ^ N v \ > i 1 j <. < OC-ljkCs 

includes a first content selection interface 620, according to an exemplary embodiment of the
present invention, which allows a content requestor to select s On content. To this end, the
v o - ^ v > ! i of content i < >

a check box adjacent to each of these titles that the user may check to indicate selection of a
content item.

\peyne i - K i t ^na , , N p$v ^ u 

> i ! i v i s v > r S h I 

>~ >nas select a ftailc" \na vUicb j>a\me«t tot - , o? 
As shown in the exemplary payment selection interface 622, hxcyhsdTjgsg wallet is



- K , < as o ^ / ru >i -a u ye o gateway e\ a n >. e button displayed adjacent > > 4 H>; 
Jot Jh s ^ \! o me~<sek>cfcd Additional wallets are listed below iV Bxetogptasife walk 5 a < %
order determined by the content distributor 20, or in the absence of any preference by the content

Ktrihut *> ! c coiHcti sov d > 

The methodology described above enables the following illustrative exemplary
scenario. The National Basketball Association (NBA) may distribute a live basketball game over

» >S tit. i I \ J > 

d di i ) id d ! ! ^ i •> ^ > >. 

5 > o A-\ i j i i 

When an 1 ^ > j user requests access to ids o a < a n • < o access ),u !
28 deployed by Kxaiisddalopyy operating as a content distributor 20, the relevant conditional

■, s s < , i ! > f < \ s > asevs r,s 

accepted by the NBA and received from a conditional access server 36 operated by the NBA, io

INydoNhbsme wallet would in this case be presented to the end user as the default wallet

u ; I a British Telcom user requests access to the game via a conditional

access agent 28 deployed by British Telcom in its capacity as a content distributor 20, the
preferred and default payment gateway may be switched to the I •< s Telcom wallet by the
emvatn eondidoo

Finally, if a »s v. ^ comenito the game outside the EaciteayHyaya and British
Telcom networks, the payment gateway communicated to the content requestor as the default
oi| fl M. .i i < ppropi ( « 1

distributor 20) would be the NBA wallet, as specified by the NBA in its capacity as a content
provider 16.

In U a - ! t A > << i > » N 01 (! , 

i ! Oi S_\.^k< % ( ! i V 

I O s N> <. is] 0 h 

inconvenience of having to resupply confidential n m n \ to the NBA.

With a view to implementing the method 600 described above, both a content provider 16
and a content distributor 20 may s t»h < » ordered (or ranked) list of payment gateways. To
enable the content distributor 20 to determine which payment gateways should be presented to a
j i i a* <. v. , 1 , 'dm ^ct le hi 

» > do may 

ewaj-s 

1 > * «n t , i.vl n \ > i 

uticed Hats of payees i a as ou fo a further embodiment, the content

< s « v hsis * in cot v- otu br 

other words, only payment gateways that appear on the list of the content distributor 20 are
< . to the \ . - u , with other payment gateways that do not appear on o bet > "'^"K
by the ,kn distributor 20 being filtered out.

In a further embodiment, the < < v s distributor 20 , i > i •> n gateways;
s ! i i s v. "est provider 1 6 i 
A'Ml !ai lh ^IIM i ^ ss ypt o 

In yet a further embodiment of the present invention, a content distributor 20 may be
* io only present payment gateways that are included in the ranked s o d by the

» J ! i ^ < i, v > ( ! < \ >\ O ^ J S 

embodiment, the content d $ . 20 , presented with the option of iu i o-i only
a, >„osr< c i J 

1 , a o ^ J { \i i W div n \r> ab s 
may have been established between the end user and the payment gateways.



OSftthbiy^ 

I i >ms 2" < < h< > ' ! ^ i , s v ■■ 

700 within which software, in the form of a series of machine-readable u k 5 .o for

< !»!}» £ S \ , , I <. 3; »U ' <. )1 > >! 

>S ? I s ! ' i S , , K 

a bus 708. The computer system 700 is further shown to include a video display unit 710 (e.g., a
ikj iul > o o ds pi U * * i o j > t) i i ^ , srm ?vMf also
includes an alphanumeric input device 702 (e.g., a keyboard), a cursor control device 714 (e.g., a
mouse), a disk drive unit < a signal generation device 7 Its (e.g., a. n s > si a network
interface device 720. The disk drive unit JU ws&mxmdMm a machine-readable medium 722 on
which software 724 embodying any one of the methods described above is stored. The software

> S O > s. ! I [ i ! t Sot 

within the processor 702. The software 'Obi may furthermore be s> u or received by s
network interface device 720. For the purposes of i pieseoi i s n the so u i a,

l USI ^ ! > ! J \ 1 j Si ) i i 

sequence of instructions lbs- \ i > by a machine, such as the <. jis, system 700, and that
cause the machine to perform the sooo .e of the present invention. The term "machine-readable
medium" shall be taken to include, but not be limited to, solid-state memories, optical

'i ^ < e > v«d,% .rfnif 

"4 ft v> v ,li d oj > v i s h *- ! iS'eb *■ s not 

s 1 v 5 i, ' m I i \ ihl O i | OS! 

I ' s i 0 s J i ^ if > s SO S 

v.eo t 5 i s <. s ! *tk i s u i i ai ft'. tt\ n'lio 

u ' . it < < <!0, isume foxm or ar'^iher (<, ^ . 1 1 ' e.Ove- 

application, module, logic, .p, as taking an action or causing a result. Such expressions are




merely a \ st « I way of saying ? ^ m i n < . software by a machine, such as the
computer system 70(Mo si at- action or a produce > result 

Thus, methods and systems to distribute content via a network utilizing distributed
conditional access agents and secure agents, and to perform digital rights management (DRM)
have been described. Although the present invention has been described with reference to
specific exemplary embodiments, it will be evident that various modifications and changes may
be made to these embodiments without departing from the broader spirit and scope of the
invention. Accordingly, the specification and drawings are to be regarded in an illustrative rather
than a restrictive sense.
1. A method to distribute content via a network, the method including:
att&ocom^ < i o* ! 



COfc » 1 t * 

operation, and wherein shs u ' * is specific to the > s s 



5 }kho< ' s <■ > ! 

tnpJemenfed ;o - <- jsstrifeutor. 



3. The method of chain i % 



5. The method of claim 3 wherein the ;B:w<ehshO!) operation comprises an encryption



6. The method of claim 1 inch duu , > aing a request from i content consumer for 
delivery of the content. 

7. ! < t. i s e ts. v ,ii < < 

provider, 

:0 ; 0 nki 

«jctM»kU^ hee-mer d^.mhu^ t «w »k ^-nu:n p:o\ do v 5,0 em the product key is 

ierypied by the content j i I scia t > > i < 5 

9, ! ethodofe 8 5 i < rtoyauocia d vi&tbe « i f 1 
10. hi odoid t> i dmg .rypfsny he t ! v e it h mt 1 xil n
! ! ; -Mi i privity key of the < :i . s distriboaao 

11. I ill >S ti 1 k Jb< s \ ! s: 5 ; <. &< ! > Olltv 1 

j V < ( > s t 0' 

12. The method of claim 8 wherein the content distributor caches the product key.

13. 1 x > i i * hi 
\ cooler provider, wherein she access criteria \ associated with die k n 

14. v S j i > 1 a m e 

t ! ! K i « ! ; ! ! 1 

access criteria. 

15. The melhod of ckao i ioeiadsug reeeivmg user secure device s . ! ; . at the ooideoi 
1 s ! o torn a etaissvexce service provider. 

16. The method of claim 15 wherein the user secure device information is signed by a private

17. , i f s > < no * s 
group of information items including a purse value, geographic o 3 3 date 1 u

and time information.

18. i K c\c k a 
s i provide 

19. I '« <. H .O \ l 3 ! it < i! 3 S.3 v n o 

wkierutili 3 3 

20. The method of claim 19 wherein the i n t » > ni is signed by the content
provider utilizing a secret key shared with the content distributor.

21. k ^ h J sx nd ^ \ 3 i ! du • cgs.es m she consent ehatxikn* 

Hid 33 3 ! ^ - : i i< « cg!Cf3- <. 

22. The method of claim 21 including attaching a content distributor signature to < order
23. The method of claim 22 wherein the content coasts



:>4, ; \ 



25. hs method < a 2 emfla 



res * ;sc» e smOmi 



26, The method of claim 5 >:ucn> the encryption operation includes decryption of the

s > n < < !< v j > provider > ky associated with the content provider and re-encryption of



27. 



k nmgoffec 

2'. iY. :0: iU 



a > > , i distributor, coupled to the content j < , i via < network and < receive the




30, i >ps?rs;itJon 5^ perP*; i > i,k« v «. s<i „ > >?^r 
32, he system of clam 3 vbereiu t - v < v. s 1 t

operative to watermark the content ;ss content l v ! specifically to the content consumer,

53. U i ! > n cs > 

m\ " ft i >s)i r s , edto tk 

content consumer. 

34. i s in ^ a sfcrikrto s to evaluate a re-q«« oro ; 
content consumer for delivery of the content, 

35. i < i s ! , o ;s ) 

o Mt\ - * << against access criteria ^. ' ! with the content and defined by the content 
provider. 

36. < a t n ! 1 ^ U o v 
which the content is encrypted from the content provider, wherein the product key is encrypted
by the content provider with a distributor key associated with the content distributor.

37. The system of claim 36 wherein the distributor key associated with the content h t

uteri* distributor. 

38. The system of claim 3? wherein the content distributor is to decrypt the product key at
the content ot nohroag < private key of the content distributor.

39. j a t jnioi t 'i ut n 

) <- B £ < > ^ - ,1 1 

40. ; i < i h fWOv! vA 

41. The system of claim 3d wherein the content distributor is to receive access criteria from
the content provider, the access criteria being associated i the content.

42. o 4 v i t , ^ , , 

the access criteria with a private key of the content provider to cryptographically combine the

43. rk.-o* t pt eremthecoiiteutdistrtbuto < i ^ < 
information from a commerce service provider,
44. The system of claim 43 wherein the user secure device information is signed by a private
key of the commerce service provider,

45. ) i,^* oi^ tn4 ^ v\c f ik> u\ v m v k i on *
group of information items including a purse value, geographic information, date information
and time information.

46. F> » ! i ' s ' ' t ! s 
rt edoit i :; ;i oMentp OS v 

47. ! « i i iv, ' ') 
is g <f ! < 

48. The system of claim 47 wherein the content provider is to sign the subscription

ihatcn 

49. 14 . < i > vt m i t i v s is 

and to transmit the order request to a content > o for acceptance,

50. I , i s i ) < t >v en
! sun to the order request, and wherein the content consumer is to verify the content

Issiri ato n maters.

51. The system of claim 49 wherein i content consumer is > >- >\\ i for an k> Hi il-

< ja , i to aigaed an order confirmation, and wherein the order confirmation is t n < from
the content consumer to the content distributor.

52. s < < o a >, ! < u i < a s 
a i. hys * s n re em 

53. osvin the content distributor is to create & secure e^sm r.<. i 
i-m v i, v- v o s ^ i meks * n tm on <. <. <- c. < snm 

the consent corrsstmer. 

54. , \ sss , ^ v , ? rX , no < . if L< ! >th 

v k> ,iki\ ^ | ! t < o < < ! u < < 

Ik o \ -i <■ \ . ,e u^er tsxy a^oes o- n-nmer. 

distributor; 



fee set of; 



encrypted keys from the content provider < he mui



communicating the product key from the content provider to the o



piO-JlJttkSS i< C> iaUU« iCi O.UC3S( kCYS 

60. The method of claim 59 wherein the product key is encrypted with a public key of the 

> O tU ? 01 v UkK pt «V O v > ».1IK< *K H < ♦ <. p! K t 



61. The method of claim 5? o t receiving.



62. ' h.n shoe 

em assot iatioa with mereq 



> . - . < e< e , 1 i wo 




criteria with the product key; and



66. v v c«f.rvp^g the |\o- f 

v * oh . Y ^ s « > s , i! m n * o u i to the 

content distributor



67. ^ .* eh * 1 < » J 

voan p ( > > v ptm> the pj(\5 » \ n 

C >» » the product key being utilised to decrypt the set of master encrypted keys to extract

l '\ >.-t s t ^- \M1 hoys. 



be. The ",;ii!o>f of claim . '-xk'lio *nsn to no the cometo distributor to toe ^<\ks\ 
atom, a request for user secure device information



69, T vivtw oUlrf^ 'i'o'i> \nk» 

mon. 

70, The method of claim 69 including constructing, at the content distributor, an order
requ<r»Hor th« conk i < s , 1 ^ > - 

! > t ) < i >t ! ' S 1 i > i>M U v. t \ 

o i , r\'\- s 

71, iU. t f! , v ' ! s !> i 

i to n > s ! s i k i i 

72, > ib ) i ^ si i to 
order utilizing a user signature and communicates the order to the content distributor.

73, The method 1 i m 72 wherein the content distributor, responsive to receipt of the
order, verifies access criteria and < i < signature within a physically secure un ;>t

74, The method of claim 57 wherein the content distributor creates a secure network session
with the content ^ ■> o creates a user key, encrypts the user key with a public key of the

o> H <! s ! > ( t^ v. 1 i ) t s 5 l 1 3 JO 

secure network session. 

75, , ~ to u>m tho eontem e 

o i t a private key associated with the content destination to extract the user key for a
purpose of decrypting the set of encrypted keys,

?6. v v i i ! 'u 1 4mg 

a content distributor coupled, via a network, to a content provider and to a content
destination

on cri mv<. ;<p , v. 5 i u i s i

utilizing the set of session keys, and to * ^ $u. the set of session keys to the content
distributor

ou\ UmgtootKnpH s osi ihnng< os si\ o 
gs iK.uie a oti <dua;r\pk\l ktys, £•> fran su the set of encrypted keys to the content
1 u sn, audio &nst t the user key from (he co&ten tribmo >tl« oaten 

o ^cuabtetfaeconkiadesHnatkaito ^the toj r < k< -k 

i„ ' ilk - ~t <! ^'i O a>\1 

the content destination y\ * ! to utilise the set of session keys to decrypt < encrypted 
content. 

77. ih t miKsv s \ - n c-sarsing 
sequence of session keys;, 

78. h < 1 i v k ! \ » ^ s e. v - 

kidding a product key to generate a set of master encrypted keys, to communicate the set of
master encrypted keys from s content provider to the content distributor, \ io a >

, « ! < key < Ok; content provider < the content distributor; and wherein content
' n » i is to decrypt the set of master encrypted keys utilizing the product key to o i the
set of session keys,

79. Fhesyst* n i k > > > i:ed with pafh <
content distributor prior to communication of the product key from the content provider to the
content h so that , public key is only available to the «. < n distributor,

BO, <( ' it t i . \n m to d \t t. 

of di. >o h\ j s ,- , i vm destination. 

81. , t 0! i ! K it 

s N equest 

■k2. v j i ; i < < r i « 

\ N s. i , vqaest 

83. The system of claim a wherein the content distributor is to generate a request for access

rites troduet'k ( t quest b < nleria « « t 1 
provider. 

84. - v > 5 , > Oi >i ti 

i. > i ^ S v < 5 i . 1 > t ! ! ) 5 t ill 

v.'H f O 'iU l0U),li)U)L, v 1 T.J hit. 

product key to the content distributor.
85. The system of claim 84 wherein the content provider is to encrypt the product key with a
public key of the content distributor prior to communication of the product key to the content
distributor,

86. The system of claim 84 wherein the content distributor is to verify the signature of the

si j! s i < ptti $v eaexyptsd keys Jo extras 

' ' '- : 

S?. > 

j < >< ! s > oation 

88. h s ? ' v m m 
> n s S j ! 

89. 1 h< ' s i < s t >j s ! ! ^ 5 t 
< content based on the secure device information, the access criteria and the mnsoR
information and to n s the order request from the content distributor to the < u < <
destination for acceptance,

90. The system of claim 89 wherein the order request includes a signature of the content
i isi and Khmsm the may process venkes the signature of the content n s s

91. ^ v i < 5 < 5S l 

Mtl ! t» 50 » ! ! On, 

92. The system of claim 9? wherein the content distributor, responsive to receipt of the order,
s > , ' v - signature vysthm . 5 . ^ v< ot f 

93. s * si 1 ) f <. . i j 

o sort s ! d> j pub ^ 

key of the content destination and to communicate the encrypted user key to the content
Si n * ; .is' • e ^. e . <.)< ii 

94. k s- < < , ! t > t . , e 
purpose of decrypting the set of encrypted keys




95, \i)ati^iiAiUm«5koii«fm\sde>jTumApiKH5K^ borage and distrihui >■) m s 
method including: 



v v * ^ | e I iM< iw) v.J na o i 

fhcr i ] ! ypimg first contest co ? > ) du 

P > b OUv v v 0 > . a < t s CO u-rf »!iC 

] rookies 
the secure device public key; 

within the first secure device at the service provider, encrypting the product key using a
storage key associated with the first secure device; and

U ' ? i ! I . , O " , v. . 0 0:^ - ^ ^ t \ d { 

96. h ah n j so < ( ! i 

content providers of a plurality of content providers, each of the v« it j i , o» < <. > \ ti
controlled by the respective content providers,

97. The method of claim 96 wherein each of the eh j of product keys is generated within
a second secure device of each of the respective content providers,

98. The method of claim 96 including receiving rate information, pertaining to access to
associated content controlled by a respective content provider, at the service provider wherein
the rate information is stored at the service provider and is associated with at least one product

\ \ Oi < O S\> so C- - > 

99 J\ i ^ v. s i u ! t >t 

, intruder 

tOO. v v. * , ! a l < ! I 8< j » d 

V o x cc x k \ s 5- , j ! „ < on.ei 0 5, > , i * 

101. v > i it i 

ovi tej with an associated content provider certificate.

102, Ik p ^ <.s. \enhes * 5 ua' u -nt tV 
s dc cdVsch of&e p s o f orwt ■ senders 
103. The method of ci
receiving a isqise 



■he service provides from ; 



edwkes h 
oragekey; 



o device sO die service provider, dee repays & r; 



*key ; 



je secure dewe of the s= 
s seen. 



\>K ^ >v->dis*.; K\ oh. ; ;he 



105. The method of claim 10*N 
requestor seoxer key >< t decrypts > > fsm e 



receiving a Sirfer key for each of the > « j of < 



danker key 



a p? of further keys, , ^ t ; 

X ■.. > 1 V K \ ' 



key:, 



he ru 5 



e device ptiijiic ksy e 




109, A,„vWott> ro^dc tr ^ ^ > ' ^ v k 

iuchidiug: 



a ihsi ro-t..ri 05 v. aod 

miv pun-icU vvspuv i «\' . v>-o ro d--.ro, v iK^veTv to tec^JVe a 
* k - <. \ v S i s rarokei f 

encrypting ha ;i content 0( >ntrohed lp the fa ;i content provider, raid i 3 > being ess n pled 
cvron v) » >\ -> , s ^ s ;u>i-k''-'\\AMvV'i'V 

ll ! v. , ! i < " K v v. 5 ! < 

the t > k i key f i < < the secure device public key and to encrypt the product key using a
storage key associated with the first secure device; and wherein the service provider is id? to
NhfTCilieiMOt if 0 ! < 

HO. In 1 n ( ^ - i tl s 4 v. 

keys from respective content n i of a plurality of content providers, each of the product

\ V > B vM i ! N V ? " I O 

UL ! k-s^ j< t > wtat r >v dd.hepsi i th mkty of product 

keys is generated within a second secure device of each of the respective content providers.

112, The system of claim 110 wherein the service provider is to receive rule information,

l\ [ , ! i .»N > K 1

the rule 1 1 > f f 0 < is stored at the service provider and is associated - \i at least one product
k - Vi.i d e te. i ,>rovi>Ax 

Id 3. v i o >. pd u ^ 1 

lid. t ' i rod M i , i ( . , i 

keys, ux> W with the secure device public key, is signed using a respective content provider
private key,

IPS. I s. ^-aem ikh m I i ? > -i. t . • * i'i e e pto>ro 

x t s > j i < 1 f v. 1 fcate 

ltd, i s • v. ! n s v. v ro i - 1 t 5 , ue «J ro 

i! u^HFt (Iteii 1 if iro * \> ;d ^ d ronte;a prov d-->t\ 
117. i * 3 j he s > J a riven o a t<tq j n

! t N ^Wti b(0 

! * is v l I T d s V t » i >i i \s > ! 

storage ! to decrypt a requestor secret key associated with the requestor, s to ov %

u -s , i> - the product key, encrypted with the requestor secret key, to the requestor.

IIS. i i ! k s s N < ! 1 > s j 1 ' 

s , s < ! sector key, arid the service provider is ;o s c >e the product key so aa eiai-uset > 
rakk the ei Uhe first corrteu 

! ; 9. > i 1 ' s ^ s ! s U 

, s < , > s < ' , < eusestor. 

120. , i u 

e> -eee<a>s. e 1 ' . • . \i e ,u ■ ;> :><d< key to each of 3 plurality of coo;e;U requestors; 

receive a further key for each of the plurality of requestors, the further key being
t s s 

store a plurality of further keys, encrypted utilizing the storage key associated with a
respective requestor.

121. n ' i > t o>
the first secure device.

122. \ i ! i s > * o ! 

;23. era v s,. si s 5ft x ? i j 

associating a user device authentication process with the «< ut , \]

s m , s !eJd^iceau5hv,iiUc&tonr t.scss ds ,\ s 
wherein the user device authentication process and the copy-protected device authentication
process comprise separate authentication processes to protect the content from unauthorized


124. 1 % V >.<tv5, " N ! S 

si' . "i of a user device certificate.

12k f ! I v(*»I\<.i$t,">ll 

I2te ; f » ! v * v ^ \ 

a user device, 

127. 1 , * ^ ^ ! n 
< <\< i ), > * * s n i 

128. > > f 1 i 1 * c ^ 

I U ! i < ^U508ti? 

129. The method of claim 128 wherein the verification of the copy-protected device certificate
occurs at an agent remote from a copy-protected device.

130. The method of claim 128 k c the verification of the s > <. ? device certificate

<. vi ' i Of V l v . i ,\ s< 

13.1. ! v \ - s 1 < o < < 

<.ej s 1 \ <. t h p > 

is encrypted, with a public key of a copy-protected device.

132. te nvtte ,e;\i s ; m te ; .<] >* h o- \ \v ... v*. vw 
protected device o t v v processes with the content includes encrypting a product key, to

S V ^ ! ! I I J j > i i I 1 

device to create a twice-encrypted product key.

133. > Uik! v . ! ' dMt.
the public key of a user device to create a once-encrypted product key, and second encrypted
with >. pal ,e ks> o sc w s ^ v. 1 u<. t s v v. n o \ ul key,
134. The method of claim 132 wherein the twice-encrypted product key is included within a
license associated with the content.



135. 5 tK method ot\ km \ s urn. at a i os s \ 

i ? the h 1 ' A-' public key, a certificate serial number, m issuer ' I > . ft
information

!36. bo's i x t < i , v $ c m s 

igxmtoe by a license i r=d rtitu j ! 

137. i i V 1 ! ! ' n v. \S «djLvfo 

product key. 

138. The method of claim 13? wherein the user device decrypts the < .. f s ^' p o u
key utilizing a private key of a user device.

139- the \ t , , ' - ' t ><K i

device to decrypt the m c e- ^ ka product key, the request n dn > m a s b e -m e t the twice-
encrypted product key.

140. The method of claim 139 wherein the challenge includes a private key of the user device.

!4L s > 1 t < e > t -»| 

i h s 1 > t > f < i ». s ! <■ < i f l t ^ 

product key. 

142, 5 method of els t ' <. ' s \ th k ypn 
product key utilizing a private key of the copy-protected device.

143, A system to secure content for distribution via a network, the system including:

v p; pk end - 

a content e* nto coupled via the network to both h <. and t ^utuki

tilt f ll tlj t" t I

authentication process with respect to the content,
wherein the user device authentication and the copy-protected v ,d< -<• u si

process < o < separate authentication processes to protect the content from o

144, I e v.x v »v« ^? „ i t. mob tn 

t V 5 K I > v. v , K Sit dv .> v. 

145. I v * > »<. Milv - 1 i' f s ,\ 
bcado the u ik s again > tes scess criteria 

146, \ 1 t v 

r >k\ v ? ' 1 ' i a i * > ! < device certificate . ■■ < i e with the copy-protected
device.

147. The system of claim eke wherein ! verification of the copy-protected device certificate

>. , ! device,

148. The system of claim 1 «6 wherein the verification of the copy-protected device certificate
occurs at ii < p i i k

149, \ u vsv e Jw i
> i s t >. < thv i ^ N

with which the content ! encrypted, with a public key of the copy-protected device.

150. \ V , < , i ii 

be u device uul rot el k - «th \ ties uooowu norypt a products > 

with which the content is encrypted, with both a public key of the user device and a public key of
the copy-protected device to create a twice-encrypted product key.

151, , \ \ i ! d n
the public key of the user device to create a once-encrypted product key, and second encrypted

^ N \ v!| i v I v W \ i v. s t> 

152. The system of claim 150 wherein the content J i s is to include the i v . \
product key within a license associated with the content

153, tu- s d tH\\ut i ,viK Tv Jv u, i i' 4 o v ct 
in t ^ 5 u i i > ! tt tu > 
154. The system of claim I5. s v.K-s % i v .ociodes a

" » \ u ! s ^ v < 

155. The system of claim 151 wherein the user device authentication process includes

i t , S ^ v> k< KU U I 

product key. 

156. i e ' » <- >< >k w v k ] ' i <\K 

key utilizing a. private 1a > > < > ^ device, 

15?. The system of claim 1 51) wherein the copy-protected device issues a request to the user
device to decrypt the twice-encrypted product key, the request including a challenge to the twice-
. .i p 5 < e ,

158. lit n > i ! < v 

159, The system of claim 155 wherein the copy-protected device authentication process

includes decryption of the once-encrypted product key by the copy-protected device to reveal the

product key.

1-50. 1 < e - f . v the ft? < 

ereesypicd poxket key " t a prrvaie key of the ' > t i 1 device. 

161, > < s v Kih I 

including; 

generating the content license at a content provider; 1 <
signing the content license utilizing a symmetric key.

162, k oU i | i > 

553. ! k i 3 - > j i « If 

encrypts the content,




164. I m Jim > 1 jry om ^.^ki 



165. I K method ofUmrn 161 :nd A n t^u nu< >g • Vv:;v m ,ot5?e yue;> * >th 
the content to a ronp ;o< 

166. IK mtKv ouluim ! 65 \ n o^oro-: uy nxn Ley m the recipient 

167. The method of claim 166 wherein the symmetric key is encrypted with a public key of

168. 1 m i ! » i« s ^ i i ifi «fti w ih < > Ok 
< Ipimtntx gl nmeinob 




169 whema veriikatkm of ft 
hresmtofffeec 
hi k \ iv i > ertherh -J e 



» of . signing of the c«ruem iicsose 



1?2. An 



requites: via ihe ssrwor'k; 



s i 5 n (k-:h s f cements 



pckfiirrooga eonaoruequcskrr ssuihorisation process, lite oorRenuequostoraumari 

< V 5 X , M il h v >! » 

i btenovirnvr geopj-aphso v. .sau'^r IV as tu.. , ars. ' 

ether $ aphlc looai? empties with phk a 




releasing the content < delivery to the content j i i i s > jf she u< <. kc&rioo u
who d,e ut-o^uvduo vUx-ox-s criterk;

The mcded of lin 1 " wherein the v ? 3 ^ of the geographic location k ^ •>
j ernoning s delivery address > wh 5 - 03 stotecux! device associated with content
requestor was delivered.

174. h i 1 a ! < v 
requester if the delivery address < < n «. with , geographic access ti' 

175. I s c ! > i ■> v o i ^ 

I i a s s t < t \* it 

176. i i Si a! I > < s ; >. s ! 

177. l , it, 1 <>iM J»0 

t( ft! < < < I j < N ! v 1 

source location. 